Unauthenticated Path Traversal Vulnerability in SEPPmail Secure Email Gateway
CVE-2026-44127
8.8HIGH
What is CVE-2026-44127?
The SEPPmail Secure Email Gateway before version 15.0.4 is impacted by an unauthenticated path traversal vulnerability. This flaw allows remote attackers to exploit the identifier parameter in /api.app/attachment/preview. By doing so, they can access and read arbitrary local files on the server. Additionally, this vulnerability can lead to the deletion of files within the targeted directory, executing operations with the privileges of the api.app process.
Affected Version(s)
Secure Email Gateway 0 < 15.0.4
References
EPSS Score
15% chance of being exploited in the next 30 days.
CVSS V4
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
