CRITICALCVE-2026-44125Published 2026-05-08Modified 2026-05-18CNA NCSC.ch

CVE-2026-44125: Missing Authorization in GINAv2

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: 15.0.4
Affected Products: 1

Fix available

15.0.4

Affected packages

SEPPmail AG / Secure Email Gateway
< 15.0.4 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

downloads.seppmail.com
labs.infoguard.ch

Metrics

Fix available