CVE-2026-8811

Summary

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.

Affected Software

VendorProductVersion RangeStatus
SEPPmail AGSecure Email Gateway0 < 15.0.5affected

Weaknesses

  • CWE-22: CWE-22

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References