PT-2026-38961 · Unknown · Seppmail Secure Email Gateway
Dario Weiss
·
Published
2026-05-08
·
Updated
2026-06-05
·
CVE-2026-44129
CVSS v4.0
8.3
High
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
SEPPmail Secure Email Gateway versions prior to 15.0.4
Description
The new GINA UI contains a server-side template injection (SSTI)—a flaw where an application embeds user input into a server-side template without proper validation—because an endpoint accepts attacker-controlled templates. This allows remote attackers to execute arbitrary template expressions, which may lead to remote code execution depending on the enabled template plugins.
Recommendations
Update to version 15.0.4 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seppmail Secure Email Gateway