SEPPmail Secure Email Gateway: Unsanitized S/MIME Header Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.2

SEPPmail Secure Email Gateway: Unsanitized S/MIME Header Injection

CVE-2026-27443

Summary

The SEPPmail Secure Email Gateway doesn't properly clean up email headers from encrypted messages. This can allow an attacker to manipulate trusted email headers, potentially leading to security issues. Update to version 15.0.1 or later to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
seppmail	seppmail	<= 15.0.1	–

Original title

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.

Original description

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.

nvd CVSS3.1 7.5

nvd CVSS4.0 8.2

Vulnerability type

CWE-20 Improper Input Validation

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerabili... Vendor Advisory

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026