CVE-2026-29139

Published Apr 2, 2026

Last updated 2 months ago

CVSS high 7.8

Overview

Description
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password.
Source
vulnerability@ncsc.ch
NVD status
Analyzed
Products
secure_email_gateway

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

vulnerability@ncsc.ch
CWE-288

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.CVE-2026-29144
  2. SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.CVE-2026-29143
  3. SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.CVE-2026-29142
  4. SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].CVE-2026-29141
  5. SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures.CVE-2026-29140

References

Sources include official advisories and independent security research.