Improper Attachment Filename Handling in SEPPmail by SEPPmail AG
CVE-2026-8811

7.1HIGH

Key Information:

Vendor: Seppmail Ag
Status: Secure Email Gateway
Vendor: CVE Published:; 18 June 2026

🔔 Create Seppmail Ag Vulnerability Alert

What is CVE-2026-8811?

SEPPmail versions prior to 15.0.5 are susceptible to an improper handling of attachment filenames, which occurs during encrypted PDF generation. This vulnerability could allow an attacker to perform a path traversal attack, potentially yielding unauthorized access to create files in unintended directories, including web-accessible locations. This could lead to significant security risks if exploited.

Affected Version(s)

Secure Email Gateway 0 < 15.0.5

References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.ht...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2026
Vulnerability Reserved
May 18, 2026

Credit

Andris Suter-Dörig (ETH Zürich, Applied Crypto Group)

Olivier Becker (InfoGuard AG)

CVE-2026-8811 Data

JSON