Insecure Deserialization in SEPPmail Secure Email Gateway
CVE-2026-44126

9.2CRITICAL

Key Information:

Vendor: Seppmail Ag
Status: Secure Email Gateway
Vendor: CVE Published:; 8 May 2026

🔔 Create Seppmail Ag Vulnerability Alert

What is CVE-2026-44126?

The SEPPmail Secure Email Gateway versions prior to 15.0.4 are susceptible to a vulnerability where untrusted data is insecurely deserialized. This flaw can be exploited through the GINA user interface, which may permit unauthenticated attackers to execute arbitrary code by sending a specially crafted serialized object. Organizations using affected versions should consider upgrading to the latest version to mitigate potential security risks.

Affected Version(s)

Secure Email Gateway 0 < 15.0.4

References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.ht...

https://labs.infoguard.ch/posts/seppmail_secure_e-mail_ga...

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-44126 Data

JSON