Auth bypass in Seppmail Ag Secure Email Gateway
CVE-2026-44125
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.
Vulnerability class: Broken Access Control
EPSS: 0.001 (32.4th percentile) — read the EPSS interpretation.
Affected products
- Seppmail Ag Secure Email Gateway — versions 0