CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 19, 2026

Critical SEPPmail Gateway Flaws Allow Remote Code Execution and Mail Traffic Theft

Cybersecurity News Archived May 19, 2026 ✓ Full text saved

Critical vulnerabilities in the SEPPmail Secure Email Gateway have exposed organizations to remote code execution (RCE) and potential interception of sensitive email traffic. Researchers uncovered several high-impact flaws affecting SEPPmail appliances, widely deployed across the DACH region. The most severe issues include: These vulnerabilities affect versions before the patched releases in the 15.x branch. SEPPmail […] The post Critical SEPPmail Gateway Flaws Allow Remote Code Execution and Ma

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Critical SEPPmail Gateway Flaws Allow Remote Code Execution and Mail Traffic Theft By Abinaya May 19, 2026 Critical vulnerabilities in the SEPPmail Secure Email Gateway have exposed organizations to remote code execution (RCE) and potential interception of sensitive email traffic. Researchers uncovered several high-impact flaws affecting SEPPmail appliances, widely deployed across the DACH region. The most severe issues include: CVE-2026-2743: Pre-authenticated RCE via arbitrary file write in the Large File Transfer (LFT) component. CVE-2026-44128: Unauthenticated RCE through Perl code injection. CVE-2026-44127: Local File Inclusion (LFI) enabling access to sensitive files and emails. CVE-2026-7864: Exposure of sensitive environment variables without authentication. These vulnerabilities affect versions before the patched releases in the 15.x branch. SEPPmail Gateway Flaws Path Traversal to Full RCE The most critical flaw, CVE-2026-2743, affects the LFT feature used to handle large email attachments. The backend fails to sanitize user-supplied file paths during uploads, allowing attackers to exploit directory-traversal sequences such as “../”. This enables arbitrary file writes outside the intended directory. Researchers demonstrated that attackers could overwrite the system file /etc/syslog.conf, which is writable by the low-privileged “nobody” user.  Unsanitized Path Traversal (Source: Infoguard) By injecting malicious configuration entries into syslog, attackers can force the system to execute arbitrary commands. For example, a crafted payload can trigger a reverse shell when system logs are processed. The attack chain is completed when log rotation (via newsyslog) reloads the modified configuration, effectively executing the malicious code without requiring authentication. GINA V2 Vulnerabilities The newer GINA V2 web interface introduces additional critical issues: Perl Injection (CVE-2026-44128): Unsanitized input passed directly to a Perl eval() function allows full command execution. LFI and Arbitrary File Access (CVE-2026-44127): Attackers can read sensitive files, including LDAP databases, emails, and credentials. Debug Exposure (CVE-2026-7864): Unauthenticated endpoints leak environment variables, aiding further exploitation. Notably, some of these endpoints lack proper authentication checks, significantly lowering the barrier for attackers. Successful exploitation allows attackers to: Gain full control over the email gateway. Intercept, read, or modify encrypted email traffic. Access credentials, keys, and internal communications. Establish persistent access within the network. Because SEPPmail appliances often operate as black-box virtual systems, security teams may have limited visibility into ongoing attacks. Organizations using SEPPmail should take immediate action: Upgrade to the latest patched version (15.0.4 or later, where applicable). Disable unused features like LFT and GINA V2 if not required. Restrict access to exposed API endpoints. Monitor logs for unusual activity or forced log rotations. Conduct internal audits for potential compromise. According to recent research published by Infoguard Labs, even widely trusted secure email solutions can contain critical security flaws. It also underscores the growing role of AI-assisted vulnerability discovery, which is significantly accelerating both identification and exploitation timelines. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News New Critical Exim Mailer Allows Remote Attacker to Execute Arbitrary Code Amazon Redshift JDBC Driver Vulnerabilities Enables Remote Code Execution Attacks Tycoon 2FA Operators Adopt OAuth Device Code Phishing to Bypass MFA Seedworm APT Abuses Signed Fortemedia and SentinelOne Binaries for DLL Sideloading Claude Code RCE Flaw Lets Attackers Execute Commands via Malicious Deeplinks Latest News AWS CISA Admin Exposes AWS GovCloud Credentials on Public GitHub Repository Cyber Security News Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data Cyber Security News Mythos Preview Builds PoC Exploits in Automated Vulnerability Research Cyber Security News Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild Cyber Security News Critical n8n Vulnerabilities Expose Automation Nodes to Full RCE
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 19, 2026
    Archived
    May 19, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗