SEPPmail Secure Email Gateway: Email Signature Spoofing

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

SEPPmail Secure Email Gateway: Email Signature Spoofing

CVE-2026-2748

Summary

Certain email certificates are not properly validated, allowing attackers to fake email sender identities. This can lead to unauthorized emails appearing to come from trusted senders. Upgrading to version 15.0.1 or later is recommended to mitigate this risk.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
seppmail	seppmail	<= 15.0.1	–

Original title

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.

Original description

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.

nvd CVSS3.1 5.3

nvd CVSS4.0 7.8

Vulnerability type

CWE-295 Improper Certificate Validation

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerabili... Vendor Advisory

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026