Cyber Resilience

CVE-2026-27443

High

Published: 04 March 2026

Published
04 March 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v4 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0022 12.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-27443 is a high-severity Improper Input Validation (CWE-20) vulnerability in Seppmail Seppmail. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-27443 affects SEPPmail Secure Email Gateway versions prior to 15.0.1, where the software fails to properly sanitize headers from S/MIME protected MIME entities. This improper input validation (CWE-20) enables an attacker to manipulate trusted headers within these entities. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating high severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.

An unauthenticated attacker can exploit this vulnerability remotely by sending a specially crafted email containing S/MIME protected MIME entities with unsanitized headers. Successful exploitation allows the attacker to control trusted headers, resulting in high integrity impact without affecting confidentiality or availability. This could enable header spoofing or injection, potentially bypassing email security controls or misleading recipients and administrators.

The vendor's advisory in the release notes for version 15.0 at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure details the vulnerability disclosure and recommends upgrading to SEPPmail Secure Email Gateway 15.0.1 or later to mitigate the issue.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1684.002 Email Spoofing Stealth
Adversaries may fake, or spoof, a sender’s identity by modifying the value of relevant email headers in order to establish contact with victims under false pretenses.
Why these techniques?

The CVE describes remote exploitation of a public-facing email security gateway via crafted S/MIME emails (directly matching T1190). Successful exploitation enables header manipulation/spoofing that bypasses security controls and misleads recipients (directly matching T1672).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27444Same product: Seppmail Seppmail
CVE-2026-2747Same product: Seppmail Seppmail
CVE-2026-2743Same product: Seppmail Seppmail
CVE-2026-27442Same product: Seppmail Seppmail
CVE-2026-27441Same product: Seppmail Seppmail
CVE-2026-29135Same vendor: Seppmail
CVE-2026-29143Same vendor: Seppmail
CVE-2026-29133Same vendor: Seppmail
CVE-2026-29138Same vendor: Seppmail
CVE-2026-29134Same vendor: Seppmail

Affected Assets

seppmail
seppmail
≤ 15.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of information inputs such as unsanitized headers from S/MIME protected MIME entities to prevent manipulation.

prevent

Ensures timely identification, reporting, and patching of the specific input sanitization flaw in SEPPmail Secure Email Gateway prior to version 15.0.1.

preventdetect

Implements spam protection mechanisms tailored for email gateways that can block or detect header spoofing and injection from crafted S/MIME entities.

References