Improper S/MIME Certificate Validation in SEPPmail Secure Email Gateway
CVE-2026-2748

7.8HIGH

Key Information:

Vendor: Seppmail
Status: Secure Email Gateway
Vendor: CVE Published:; 4 March 2026

What is CVE-2026-2748?

The SEPPmail Secure Email Gateway prior to version 15.0.1 is vulnerable due to improper validation of S/MIME certificates associated with email addresses that contain whitespace characters. This flaw enables attackers to perform signature spoofing, potentially undermining the integrity of email communications.

Affected Version(s)

Secure Email Gateway 0 < 15.0.1

References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.ht...

release-notes

CVSS V4

Score:

7.8

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

Andris Suter-Dörig

Matteo Scarlata

Kenny Paterson

CVE-2026-2748 Data

JSON

Seppmail

What is CVE-2026-2748?

Affected Version(s)

References

CVSS V4

Timeline

Credit