CRITICALCVE-2026-44126Published Modified CNA NCSC.ch
CVE-2026-44126: Insecure deserialization
SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.
Metrics
- CVSS v4.0
- 9.2
- Severity
- CRITICAL
- Fixed in
- 15.0.4
- Affected Products
- 1
Fix available
15.0.4
Affected packages
- SEPPmail AG / Secure Email Gateway< 15.0.4 (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences