Description
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
Published: 2026-05-08
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote attacker can exploit an unauthenticated path traversal flaw in the identifier parameter of /api.app/attachment/preview to read any local file on the SEPPmail Secure Email Gateway host, and trigger the deletion of files in the target directory using the privileges of the api.app process. This can lead to both confidentiality compromise and loss or alteration of important system or configuration files.

Affected Systems

SEPPmail AG Secure Email Gateway versions prior to 15.0.4 are affected. The vulnerability exists in all builds before 15.0.4 and permits exploitation regardless of user authentication.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, but the EPSS score is not available, and the vulnerability is not listed in CISA KEV. Attackers can send crafted HTTP requests to /api.app/attachment/preview from any remote host with no authentication required, making the vulnerability highly exploitable in exposed environments.

Generated by OpenCVE AI on May 8, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SEPPmail Secure Email Gateway to version 15.0.4 or newer, which removes the vulnerable path traversal.
  • Restrict network access to the /api.app/attachment/preview endpoint to trusted hosts or internal networks to prevent unauthenticated access.
  • Apply strict input validation or a whitelist of allowed file paths for the identifier parameter to mitigate future path traversal attempts.

Generated by OpenCVE AI on May 8, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
Title Local File Inclusion (LFI) and Arbitrary File Deletion
Weaknesses CWE-73
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-05-08T21:27:54.210Z

Reserved: 2026-05-05T12:56:43.132Z

Link: CVE-2026-44127

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-08T14:16:45.730

Modified: 2026-05-08T15:51:08.590

Link: CVE-2026-44127

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T15:15:10Z

Weaknesses