CVE-2026-29131
Published: 02 April 2026
Summary
CVE-2026-29131 is a high-severity LDAP Injection (CWE-90) vulnerability in Seppmail Secure Email Gateway. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection exploitation by validating specially crafted email address inputs used in SQL commands.
Requires timely identification, reporting, and patching of the vulnerability as confirmed resolved in SEPPmail version 15.0.3.
Enforces logical access controls to mitigate unauthorized reading of encrypted emails intended for other users despite input flaws.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploit against public-facing Secure Email Gateway directly matches T1190; resulting unauthorized access to other users' encrypted email contents enables remote email collection (T1114.002).
NVD Description
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.
Deeper analysisAI
CVE-2026-29131 is a vulnerability in SEPPmail Secure Email Gateway versions prior to 15.0.3 that enables attackers to read the contents of emails encrypted for other users by using a specially crafted email address. This issue, associated with CWE-90 (Improper Neutralization of Special Elements used in an SQL Command), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with network accessibility, low attack complexity, and no requirements for privileges or user interaction.
The vulnerability can be exploited remotely by unauthenticated attackers who send an email containing the specially crafted address to the affected gateway. Successful exploitation allows the attacker to access sensitive email content intended for other recipients, potentially exposing confidential information without impacting integrity or availability.
SEPPmail's release notes for version 15.0 document the vulnerability disclosure and confirm that upgrading to version 15.0.3 resolves the issue. Security practitioners should apply this update promptly to affected installations.
Details
- CWE(s)