Bottom line: InfoGuard Labs researchers have disclosed seven critical vulnerabilities in SEPPMail Secure E-Mail Gateway. The flaws enable remote code execution and access to all mail data. CVSS scores range from 6.9 to 10.0.
Researchers from InfoGuard Labs have discovered seven critical vulnerabilities in SEPPMail Secure E-Mail Gateway that could allow attackers to gain remote access and read all mail data. The flaws range from path traversal to deserialization flaws, with CVSS scores between 6.9 and 10.0.
The security vulnerabilities discovered by Dario Weiss, Manuel Feifel and Olivier Becker could open the door to complete takeover of the SEPPMail appliance. The spectrum of vulnerabilities is alarmingly broad:
CVE-2026-2743 (CVSS 10.0) is a path traversal flaw in the large file transfer (LFT) feature of the user interface, enabling arbitrary file writes and thus remote code execution. CVE-2026-7864 (CVSS 6.9) exposes system environment variables through unauthenticated access in the new GINA user interface.
Particularly critical are CVE-2026-44125 (CVSS 9.3) and CVE-2026-44126 (CVSS 9.2), which allow unauthenticated attackers to access protected functions or execute code via manipulated serialized objects. CVE-2026-44127 (CVSS 8.8) allows unauthenticated remote attackers to read arbitrary local files and delete files. CVE-2026-44128 (CVSS 9.3) is an eval injection vulnerability in the template function that allows code execution.
In a realistic attack scenario, an attacker could exploit CVE-2026-2743 to overwrite the syslog configuration and ultimately gain a Perl-based reverse shell. This would result in complete takeover of the appliance and allow the attacker to read all mail data and establish persistent access to the gateway.