CVE-2026-44129

Summary

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution depending on the enabled template plugins.

Affected Software

VendorProductVersion RangeStatus
SEPPmail AGSecure Email Gateway0 < 15.0.4affected

Weaknesses

  • CWE-1336: CWE-1336 Improper neutralization of special elements used in a template engine

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References