Server-Side Template Injection Vulnerability in SEPPmail Secure Email Gateway
CVE-2026-44129

8.3HIGH

Key Information:

Vendor: Seppmail Ag
Status: Secure Email Gateway
Vendor: CVE Published:; 8 May 2026

🔔 Create Seppmail Ag Vulnerability Alert

What is CVE-2026-44129?

SEPPmail Secure Email Gateway prior to version 15.0.4 is susceptible to a server-side template injection vulnerability within its new GINA UI. This flaw allows attackers to send malicious requests containing crafted templates, which the server processes without adequate validation. As a result, it can lead to the execution of arbitrary template expressions. Depending on the template plugins enabled on the server, this may result in remote code execution, posing significant security risks to affected systems. Organizations utilizing this product should upgrade to version 15.0.4 or later to mitigate such vulnerabilities.

Affected Version(s)

Secure Email Gateway 0 < 15.0.4

References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.ht...

https://labs.infoguard.ch/posts/seppmail_secure_e-mail_ga...

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-44129 Data

JSON