Description
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
Published: 2026-05-08
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote attacker can exploit an unauthenticated path traversal flaw in the identifier parameter of /api.app/attachment/preview to read any local file on the SEPPmail Secure Email Gateway host, and trigger the deletion of files in the target directory using the privileges of the api.app process. This can lead to both confidentiality compromise and loss or alteration of important system or configuration files.

Affected Systems

SEPPmail AG Secure Email Gateway versions prior to 15.0.4 are affected. The vulnerability exists in all builds before 15.0.4 and permits exploitation regardless of user authentication.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, but the EPSS score is not available, and the vulnerability is not listed in CISA KEV. Attackers can send crafted HTTP requests to /api.app/attachment/preview from any remote host with no authentication required, making the vulnerability highly exploitable in exposed environments.

Generated by OpenCVE AI on May 8, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SEPPmail Secure Email Gateway to version 15.0.4 or newer, which removes the vulnerable path traversal.
  • Restrict network access to the /api.app/attachment/preview endpoint to trusted hosts or internal networks to prevent unauthenticated access.
  • Apply strict input validation or a whitelist of allowed file paths for the identifier parameter to mitigate future path traversal attempts.

Generated by OpenCVE AI on May 8, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 16:45:00 +0000

Type Values Removed Values Added
References

Sun, 10 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Seppmail
Seppmail secure Email Gateway
Vendors & Products Seppmail
Seppmail secure Email Gateway

Fri, 08 May 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 08 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
Title Local File Inclusion (LFI) and Arbitrary File Deletion
Weaknesses CWE-73
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Seppmail Secure Email Gateway
cve-icon MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-05-18T16:12:36.348Z

Reserved: 2026-05-05T12:56:43.132Z

Link: CVE-2026-44127

cve-icon Vulnrichment

Updated: 2026-05-08T14:26:23.803Z

cve-icon NVD

Status : Deferred

Published: 2026-05-08T14:16:45.730

Modified: 2026-05-18T17:16:32.787

Link: CVE-2026-44127

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T20:00:05Z

Weaknesses