Vulnerability Description
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution depending on the enabled template plugins.
Related Weaknesses (CWE)
References
- https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security
- https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabiliti
FAQ
What is CVE-2026-44129?
CVE-2026-44129 is a documented vulnerability. SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote...
How severe is CVE-2026-44129?
CVSS scoring is not yet available for CVE-2026-44129. Check NVD for updates.
Is there a patch for CVE-2026-44129?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.