Vulnerability Description
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
Related Weaknesses (CWE)
References
- https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security
- https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabiliti
FAQ
What is CVE-2026-44127?
CVE-2026-44127 is a documented vulnerability. SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to ...
How severe is CVE-2026-44127?
CVSS scoring is not yet available for CVE-2026-44127. Check NVD for updates.
Is there a patch for CVE-2026-44127?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.