Primary

Context

SEPPmail Secure Email Gateway Server-Side Template Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Patched

A server-side template injection vulnerability has been identified in SEPPmail Secure Email Gateway versions prior to 15.0.4. This vulnerability exists in the new GINA user interface, where an endpoint accepts attacker-controlled templates. This flaw allows remote attackers to execute arbitrary template expressions, potentially leading to remote code execution, depending on the enabled template plugins.

Impact

Exploitation of this vulnerability could result in unauthorized execution of code on the server where SEPPmail Secure Email Gateway is running.

Remediation

Users can update to SEPPmail Secure Email Gateway version 15.0.4 or later to address this vulnerability.

Added: May 8, 2026, 2:38 PM

Updated: May 8, 2026, 2:38 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

7.5

exploitability

7.6

remediation

7.7

relevance

7.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

7.5

exploitability

7.6

remediation

7.7

relevance

7.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SEPPmail Secure Email Gateway Server-Side Template Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

SEPPmail Secure Email Gateway

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating