Primary

Context

SEPPmail Secure Email Gateway Unauthenticated Remote Code Execution Vulnerability via Insecure Deserialization

Vulnerability

Patched

A vulnerability allowing unauthenticated remote code execution has been identified in SEPPmail Secure Email Gateway versions prior to 15.0.4. This issue arises from the insecure deserialization of untrusted data, which can be accessed through the new GINA user interface.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the server where SEPPmail Secure Email Gateway is running.

Remediation

Users can update to SEPPmail Secure Email Gateway version 15.0.4 or later to address this vulnerability.

Added: May 8, 2026, 2:45 PM

Updated: May 8, 2026, 2:45 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

7.5

exploitability

7.7

remediation

7.7

relevance

7.8

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

7.5

exploitability

7.7

remediation

7.7

relevance

7.8

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SEPPmail Secure Email Gateway Unauthenticated Remote Code Execution Vulnerability via Insecure Deserialization

Vulnerability

Impact

Remediation

Affected Products

SEPPmail Secure Email Gateway

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating