Last updated: July 5, 2026 at 9:01 AM UTC

SEPPmail Secure Email Gateway RCE chain allows attacker to read all mail traffic and persist on the gateway

Researchers have disclosed a chain of vulnerabilities in SEPPmail Secure Email Gateway that turns unauthenticated web requests into remote code execution. The chain works by inflating the SEPPMaillog file past its 10,000 KB limit, which forces newsyslog to rotate logs and signal syslogd to reload its configuration. Combined with the other flaws in the chain, this lets the attacker read all mail traffic on the appliance and persist indefinitely. SEPPmail has patched CVE-2026-44128 in version 15.0.2.1, CVE-2026-44126 in 15.0.3, and the rest in 15.0.4. The disclosure follows last month's CVE-2026-27441 (CVSS 9.5) OS command-execution fix in the same appliance.

Check
Inventory SEPPmail Secure Email Gateway appliances and exact versions. Pull web access logs for unusually large or repeated requests that could bloat SEPPMaillog past its rotation threshold.
Affected
SEPPmail appliances on versions earlier than 15.0.4. Last month's CVE-2026-27441 (CVSS 9.5) OS-command-execution flaw in the same product remains relevant if unpatched.
Fix
Upgrade SEPPmail to 15.0.4 immediately. If you cannot, restrict admin and webmail interfaces to a management VLAN behind VPN and monitor log file sizes for unusual growth.