PT-2026-23410 · Seppmail · Seppmail

Published

2026-03-05

Updated

2026-06-08

CVE-2026-2743

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y

Name of the Vulnerable Software and Affected Versions SeppMail versions prior to 15.0.2.1

Description The User Web Interface contains a flaw in the large file transfer (LFT) feature. This allows arbitrary file write via path traversal upload, which can lead to remote code execution. Path traversal is a technique that allows an attacker to access or write to files and directories outside the intended folder by using special characters like "../".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Path traversal

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-434

Related Identifiers

CVE-2026-2743

Affected Products

Seppmail

PT-2026-23410 · Seppmail · Seppmail

CVE-2026-2743

Weakness Enumeration

Related Identifiers

Affected Products

References · 14