SEPPmail Secure Email Gateway PGP Signature Spoofing Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.9

SEPPmail Secure Email Gateway PGP Signature Spoofing Risk

CVE-2026-27445

Summary

SEPPmail Secure Email Gateway users are at risk of receiving fake emails masquerading as genuine ones. This is because the software does not properly check if a PGP signature was created by the expected sender. To protect yourself, update to version 15.0.1 or later.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
seppmail	seppmail	<= 15.0.1	–

Original title

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.

Original description

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.

nvd CVSS3.1 5.3

nvd CVSS4.0 6.9

Vulnerability type

CWE-347 Improper Verification of Cryptographic Signature

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerabili... Vendor Advisory

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026