SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access — Ravie LakshmananMay 19, 2026Vulnerability / Email Security SEPPMail Secu
What’s new: Critical vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway that could allow remote code execution (RCE) and unauthorized access to email traffic. The vulnerabilities include path traversal, deserialization of untrusted data, and improper authorization checks, among others. Several have been patched in recent updates, with the latest version 15.0.4 addressing the remaining issues.
Who’s affected
Organizations using SEPPMail Secure E-Mail Gateway versions prior to 15.0.4 are at risk. Specific vulnerabilities include CVE-2026-2743, CVE-2026-7864, CVE-2026-44125, CVE-2026-44126, CVE-2026-44127, CVE-2026-44128, and CVE-2026-44129.
What to do
- Upgrade to SEPPMail Secure E-Mail Gateway version 15.0.4 or later to mitigate the vulnerabilities.
- Review and monitor logs for any unauthorized access attempts or anomalies.
- Implement additional network segmentation to limit exposure of the email gateway to internal networks.
