Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
SeppMail: Attackers can upload files to any location on the server
CVE-2026-2743
Summary
A security issue in SeppMail's user web interface allows attackers to upload files to any location on the server, potentially leading to remote code execution. This affects versions of SeppMail up to 15.0.2.1. Affected users should update to a fixed version to prevent unauthorized file uploads.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| seppmail | seppmail | <= 15.0.2.1 | – |
Original title
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 ...
Original description
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
nvd CVSS4.0
10.0
Vulnerability type
CWE-22
Path Traversal
CWE-434
Unrestricted File Upload
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026