HTML Injection Vulnerability in SEPPmail Secure Email Gateway
CVE-2026-29136

5.3MEDIUM

Key Information:

Vendor: Seppmail
Status: Secure Email Gateway
Vendor: CVE Published:; 2 April 2026

What is CVE-2026-29136?

An HTML injection vulnerability in SEPPmail Secure Email Gateway versions before 15.0.3 enables attackers to manipulate notification emails related to new CA certificates. This flaw can allow unauthorized content insertion into email communications, posing risks to the integrity of the notifications. Organizations using affected versions should upgrade to version 15.0.3 or later to mitigate this risk.

Affected Version(s)

Secure Email Gateway 0 < 15.0.3

References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.ht...

release-notes

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 4, 2026

Credit

Andris Suter-Dörig

Matteo Scarlata

Kenny Paterson

CVE-2026-29136 Data

JSON

Seppmail

What is CVE-2026-29136?

Affected Version(s)

References

CVSS V4

Timeline

Credit