seppmail 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk input validation、vendor risk cross-site scripting, and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact unexpected behavior、vendor impact session compromise, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-29144 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | [email protected] | 7.8 | 0.21% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29143 | SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers. | [email protected] | 7.8 | 0.25% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29142 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. | [email protected] | 6.3 | 0.13% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29141 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | [email protected] | 7.7 | 0.21% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29140 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures. | [email protected] | 7.7 | 0.12% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29139 | SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. | [email protected] | 7.8 | 0.27% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29138 | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own. | [email protected] | 6.3 | 0.22% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29137 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | [email protected] | 5.3 | 0.19% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29136 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates. | [email protected] | 5.3 | 0.10% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29135 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | [email protected] | 5.3 | 0.25% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29134 | SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions. | [email protected] | 5.3 | 0.22% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29133 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | [email protected] | 5.3 | 0.23% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29132 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails. | [email protected] | 6.3 | 0.25% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29131 | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. | [email protected] | 4.9 | 0.23% | 2026-04-02 | 2026-04-16 |
| CVE-2026-2743 | Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before | [email protected] | 10.0 | 0.76% | 2026-03-05 | 2026-05-19 |
| CVE-2026-2748 | SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing. | [email protected] | 7.8 | 0.12% | 2026-03-04 | 2026-03-05 |
| CVE-2026-2747 | SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor. | [email protected] | 6.9 | 0.25% | 2026-03-04 | 2026-03-05 |
| CVE-2026-2746 | SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails. | [email protected] | 6.9 | 0.16% | 2026-03-04 | 2026-03-05 |
| CVE-2026-27445 | SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing. | [email protected] | 6.9 | 0.12% | 2026-03-04 | 2026-03-05 |
| CVE-2026-27444 | SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it. | [email protected] | 7.8 | 0.21% | 2026-03-04 | 2026-03-05 |