HarborGuard / CVE
Back to search
HIGHCVE-2026-29139Published Modified CNA NCSC.ch

CVE-2026-29139: GINA State Confusion Account Takeover

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password.

Metrics

CVSS v4.0
7.8
Severity
HIGH
Fixed in
15.0.3
Affected Products
1

Fix available

15.0.3
Affected packages
  • SEPPmail / Secure Email Gateway
    < 15.0.3 (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N
References
CVE-2026-29139: GINA State Confusion Account Takeover | HarborGuard CVE