Remote Code Execution Vulnerability in SEPPmail Secure Email Gateway
CVE-2026-44128

9.3CRITICAL

Key Information:

Vendor: Seppmail Ag
Status: Secure Email Gateway
Vendor: CVE Published:; 8 May 2026

🔔 Create Seppmail Ag Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2026-44128?

SEPPmail Secure Email Gateway versions before 15.0.2.1 are susceptible to a remote code execution vulnerability. This issue arises in the new GINA UI, where an endpoint incorrectly handles user-controlled input from a parameter that is processed by Perl's eval function. An attacker could exploit this flaw to execute arbitrary code on the server, potentially leading to unauthorized access and system compromise.

Affected Version(s)

Secure Email Gateway 0 < 15.0.2.1

News Articles

The Hacker News

CVE-2026-2743 CVE-2026-44128

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Seven SEPPMail Secure E-Mail Gateway flaws disclosed, including RCE, path traversal, authorization, deserialization, and eval injection flaws.

1 month ago

thmubnail image

References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.ht...

https://labs.infoguard.ch/posts/seppmail_secure_e-mail_ga...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by The Hacker News
May 19, 2026
Vulnerability published
May 8, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-44128 Data

.