CVE-2026-44129

Vulnerability Description

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution depending on the enabled template plugins.

Vulnerability Details

Published Date

May 08, 2026

Last Modified

May 08, 2026

CWE ID

CWE-1336

Source

NVD

Vendor

SEPPmail AG

Product

Secure Email Gateway

External References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment