CVE-2026-7864

MEDIUM

SEPPmail Secure Email Gateway - Environment Variable Exposure

Title source: manual

Description

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.

References (2)

Core 2

Core References

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security

https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/

Scores

CVSS v4 6.9

EPSS 0.1436

EPSS Percentile 96.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (1)

SEPPmail AG/Secure Email Gateway < 15.0.4

Published May 08, 2026

Tracked Since May 08, 2026