CVE-2026-7864

Summary

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.

Affected Software

VendorProductVersion RangeStatus
SEPPmail AGSecure Email Gateway0 < 15.0.4affected

Weaknesses

  • CWE-497: CWE-497 Exposure of sensitive system information to an unauthorized control sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References