CVE-2026-29136

MEDIUM

CA Notification HTML Injection

Title source: cna

Description

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.

References (1)

Scores

CVSS v3 6.1
EPSS 0.0002
EPSS Percentile 4.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
SEPPmail/Secure Email Gateway < 15.0.3
seppmail/secure_email_gateway < 15.0.3
Published Apr 02, 2026
Tracked Since Apr 02, 2026