Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance.
“These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network,” InfoGuard Labs researchers Dario Weiss, Manuel Feifel, and Olivier Becker said in a Monday report.
The list of identified flaws is as follows –
- CVE-2026-2743 (CVSS score: 10.0) – A path traversal vulnerability in the SeppMail User Web Interface’s large file transfer (LFT) feature that could enable arbitrary file write, resulting in remote code execution.
- CVE-2026-7864 (CVSS score: 6.9) – An exposure of sensitive system information vulnerability that leaks server environment variables through an unauthenticated endpoint in the new GINA UI.
- CVE-2026-44125 (CVSS score: 9.3) – A missing authorization check vulnerability for multiple endpoints in the new GINA UI that allows unauthenticated remote attackers to access functionality that would otherwise require a valid session.
- CVE-2026-44126 (CVSS score: 9.2) – A deserialization of untrusted data vulnerability that allows unauthenticated remote attackers to execute code via a crafted serialized object.
- CVE-2026-44127 (CVSS score: 8.8) – An unauthenticated path traversal vulnerability in “/api.app/attachment/preview” that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the “api.app” process.
- CVE-2026-44128 (CVSS score: 9.3) – An eval injection vulnerability that allows unauthenticated remote code execution by taking advantage of the fact that the /api.app/template feature directly passes user-supplied upldd parameter into a Perl eval() statement without any sanitization.
- CVE-2026-44129 (CVSS score: 8.3) – An improper neutralization of special elements used in a template engine vulnerability that allows remote attackers to execute arbitrary template expressions and potentially achieve remote code execution depending on the enabled template plugins.
In a hypothetical attack scenario, a threat actor could exploit CVE-2026-2743 to overwrite the system’s syslog configuration (“/etc/syslog.conf”) by making use of the “nobody” user’s write access to the file and ultimately obtain a Perl-based reverse shell. The end result is a complete takeover of the SEPPmail appliance, permitting the attacker to read all mail traffic and persist indefinitely on the gateway.
One significant hurdle that an attacker must overcome to achieve remote code execution is that syslogd re-reads the configuration only upon receiving the SIGHUP (aka “signal hang up”) signal. Syslogd is a Linux system daemon responsible for writing system messages to log files or a user’s terminal.
“The appliance uses…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
