Cyber Resilience

CVE-2026-29138

Medium

Published: 02 April 2026

Published
02 April 2026
Modified
16 April 2026
KEV Added
Patch
CVSS Score v4 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0022 12.1th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-29138 is a medium-severity LDAP Injection (CWE-90) vulnerability in Seppmail Secure Email Gateway. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-29138 is a vulnerability in SEPPmail Secure Email Gateway versions prior to 15.0.3. It enables attackers to use a specially crafted email address to claim another user's PGP signature as their own. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and is linked to CWE-90.

The vulnerability can be exploited by any unauthenticated attacker accessible over the network, requiring low complexity and no user interaction. Successful exploitation results in high integrity impact, allowing the attacker to impersonate another user's PGP signature without affecting confidentiality or availability.

SEPPmail's release notes for version 15.0, available at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503, disclose the vulnerability and confirm that it is addressed in version 15.0.3. Security practitioners should update affected SEPPmail Secure Email Gateway installations to version 15.0.3 or later to mitigate the issue.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
T1684.002 Email Spoofing Stealth
Adversaries may fake, or spoof, a sender’s identity by modifying the value of relevant email headers in order to establish contact with victims under false pretenses.
Why these techniques?

Vuln in public-facing email gateway enables network exploitation (T1190); crafted address allows PGP signature impersonation (T1656) and email spoofing (T1672) with high integrity impact.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-29131Same product: Seppmail Secure Email Gateway
CVE-2026-29135Same product: Seppmail Secure Email Gateway
CVE-2026-29143Same product: Seppmail Secure Email Gateway
CVE-2026-29134Same product: Seppmail Secure Email Gateway
CVE-2026-29132Same product: Seppmail Secure Email Gateway
CVE-2026-29139Same product: Seppmail Secure Email Gateway
CVE-2026-29133Same product: Seppmail Secure Email Gateway
CVE-2026-27444Same vendor: Seppmail
CVE-2026-27443Same vendor: Seppmail
CVE-2026-2743Same vendor: Seppmail

Affected Assets

seppmail
secure email gateway
≤ 15.0.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely application of the vendor patch in SEPPmail version 15.0.3 directly remediates the flaw enabling attackers to claim another user's PGP signature via crafted email addresses.

prevent

Validating email address inputs in the Secure Email Gateway prevents specially crafted addresses from being processed to impersonate PGP signatures.

prevent

Implementing non-repudiation mechanisms ensures PGP signatures are properly bound to the correct user identities, mitigating unauthorized claims of another user's signature.

References