QwikSec

Security Database

CVE

CWE

Training

CVE-2026-44127

Published: May 8, 2026

Modified: May 18, 2026

PUBLISHED

Description

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.

Vendor	Product	Versions
SEPPmail AG	Secure Email Gateway	affected `0 - < 15.0.4`

Weaknesses (CWE)

References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security

https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.