Description
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
Published: 2026-03-05
Score: 10 (Critical)
EPSS: < 1% (Very Low)
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

SeppMail's large file transfer (LFT) feature lets an attacker upload files through a path traversal flaw, allowing arbitrary file writes on the host. The written files can contain executable code or web shells, enabling full control of the server. The vulnerability is classified under two weaknesses: CWE-22 (path traversal in the upload handler) and CWE-434 (unrestricted upload of dangerous file types). The principal consequence is a breach of confidentiality, integrity, and availability of the mail server and its underlying system.

Affected Systems

The flaw impacts SeppMail installations with the User Web Interface, specifically versions 15.0.2.1 and earlier. All environments running these releases, regardless of deployment size or configuration, are susceptible as the LFT feature is enabled by default.

Risk and Exploitability

The assigned CVSS score of 10 reflects maximal severity, while the exploitation probability is reported as below 1% (EPSS), indicating a rare but plausible threat. The issue is not yet listed in the CISA KEV catalog. Because the attack requires access to the web interface and the ability to submit a file, the most likely vector is an authenticated user who can manipulate file names to bypass directory restrictions. No publicly available exploit code is known, but the high impact warrants immediate remediation.

Generated by OpenCVE AI on April 16, 2026 at 12:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SeppMail to a version newer than 15.0.2.1 when the vendor releases an update that resolves the path traversal issue.
  • If an upgrade is not immediately available, disable the large file transfer feature or restrict its usage to trusted administrators to block the upload path.
  • Apply general file-upload hardening best practices: enforce strict path validation, restrict writable directories, and allow only approved file types to mitigate potential future exploitation.
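The following is an added example (not SeppMail's code and not part of this advisory) showing the hardening the last recommendation describes: a client-supplied file name is validated before it is mapped into a fixed upload directory, with an extension allowlist for the file types accepted. The upload root, the allowed extensions and the function names are assumptions chosen for illustration.

```python
import re
from pathlib import Path

# Assumed values for illustration only; not SeppMail's real configuration.
UPLOAD_ROOT = Path("/var/lft/uploads")
ALLOWED_EXTENSIONS = frozenset({".pdf", ".zip", ".docx"})

# A plain file name: no separators, no leading dot, bounded length.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class UploadRejected(ValueError):
    """Raised when a client-supplied file name fails validation."""


def safe_upload_path(filename: str, root: Path = UPLOAD_ROOT,
                     allowed: frozenset = ALLOWED_EXTENSIONS) -> Path:
    """Map a client-supplied file name to a path strictly inside root.

    Validate the name the framework has already URL-decoded, so encoded
    traversal sequences are checked in their decoded form.
    """
    # 1. Reject anything that is not a plain file name (CWE-22).
    if "\x00" in filename or "/" in filename or "\\" in filename:
        raise UploadRejected("path separators or NUL byte not allowed")
    if filename in ("", ".", "..") or filename.startswith("."):
        raise UploadRejected("dot files and traversal components not allowed")
    if not SAFE_NAME.match(filename):
        raise UploadRejected("file name contains disallowed characters")
    # 2. Enforce the extension allowlist (CWE-434); compare case-insensitively.
    if Path(filename).suffix.lower() not in allowed:
        raise UploadRejected("file type not permitted")
    # 3. Defence in depth: resolve and confirm the target stays directly
    #    under the upload root even if earlier checks were bypassed.
    root_resolved = root.resolve()
    target = (root_resolved / filename).resolve()
    if target.parent != root_resolved:
        raise UploadRejected("resolved path escapes upload root")
    return target


def is_safe_upload(filename: str) -> bool:
    """Convenience wrapper: True if the name would be accepted."""
    try:
        safe_upload_path(filename)
        return True
    except UploadRejected:
        return False
```

The upload handler should write only to the path returned by `safe_upload_path` and should run with write access to no directory other than the upload root.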


Advisories

No advisories yet.

History

Mon, 09 Mar 2026 18:45:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:seppmail:seppmail:*:*:*:*:*:*:*:*

Type: Metrics (cvssV3_1)
Values Added: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 06 Mar 2026 15:30:00 +0000

Type: First Time appeared
Values Added: Seppmail; Seppmail seppmail

Type: Vendors & Products
Values Added: Seppmail; Seppmail seppmail

Thu, 05 Mar 2026 16:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 05 Mar 2026 07:00:00 +0000

Type: Description
Values Added: Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before

Type: Title
Values Added: SEPPmail User Web Interface Arbitrary File Write to RCE

Type: Weaknesses
Values Added: CWE-22, CWE-434

Type: References

Type: Metrics (cvssV4_0)
Values Added: {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y'}


MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-03-05T15:18:26.038Z

Reserved: 2026-02-19T12:28:37.148Z

Link: CVE-2026-2743

Vulnrichment

Updated: 2026-03-05T15:18:22.097Z

NVD

Status: Analyzed

Published: 2026-03-05T07:16:14.670

Modified: 2026-03-09T18:31:01.173

Link: CVE-2026-2743

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:45:35Z

Weaknesses