QwikSec

Security Database

CVE

CWE

Training

CVE-2026-44129

Published: May 8, 2026

Modified: May 18, 2026

PUBLISHED

Description

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution depending on the enabled template plugins.

Vendor	Product	Versions
SEPPmail AG	Secure Email Gateway	affected `0 - < 15.0.4`

Weaknesses (CWE)

References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security

https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.