Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-29131

Summary
Assigner-NCSC.ch
Assigner Org ID-455daabc-a392-441d-aa46-37d35189897c
Published At-02 Apr, 2026 | 08:46
Updated At-02 Apr, 2026 | 13:31
Rejected At-
Credits

PGP Decryption Recipient LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:NCSC.ch
Assigner Org ID:455daabc-a392-441d-aa46-37d35189897c
Published At:02 Apr, 2026 | 08:46
Updated At:02 Apr, 2026 | 13:31
Rejected At:
â–¼CVE Numbering Authority (CNA)
PGP Decryption Recipient LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.

Affected Products
Vendor
SEPPmail
Product
Secure Email Gateway
Default Status
unaffected
Versions
Affected
  • From 0 before 15.0.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-90CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Type: CWE
CWE ID: CWE-90
Description: CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Metrics
VersionBase scoreBase severityVector
4.04.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Version: 4.0
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-136CAPEC-136 LDAP Injection
CAPEC-116CAPEC-116 Excavation
CAPEC ID: CAPEC-136
Description: CAPEC-136 LDAP Injection
CAPEC ID: CAPEC-116
Description: CAPEC-116 Excavation
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Andris Suter-Dörig
coordinator
Matteo Scarlata
coordinator
Kenny Paterson
Timeline
EventDate
Vulnerability disclosed to SEPPmail2025-10-31 14:22:00
Version 15.0.3 released2026-03-03 00:00:00
Event: Vulnerability disclosed to SEPPmail
Date: 2025-10-31 14:22:00
Event: Version 15.0.3 released
Date: 2026-03-03 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503
release-notes
Hyperlink: https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503
Resource:
release-notes
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vulnerability@ncsc.ch
Published At:02 Apr, 2026 | 09:16
Updated At:16 Apr, 2026 | 19:07

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
seppmail
seppmail
>>secure_email_gateway>>Versions before 15.0.3(exclusive)
cpe:2.3:a:seppmail:secure_email_gateway:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-90Secondaryvulnerability@ncsc.ch
CWE ID: CWE-90
Type: Secondary
Source: vulnerability@ncsc.ch
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503vulnerability@ncsc.ch
Release Notes
Hyperlink: https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503
Source: vulnerability@ncsc.ch
Resource:
Release Notes

Change History

0
Information is not available yet

Similar CVEs

9Records found
CVE-2026-29135
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.42%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 08:31
Updated-16 Apr, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Webmail Password Tag Sanitization Bypass

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.

Action-Not Available
Vendor-seppmailSEPPmail
Product-secure_email_gatewaySecure Email Gateway
CWE ID-CWE-20
Improper Input Validation
CVE-2026-29132
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.48%
||
7 Day CHG-0.01%
Published-02 Apr, 2026 | 08:25
Updated-16 Apr, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ESWmail-Verify Bypass

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.

Action-Not Available
Vendor-seppmailSEPPmail
Product-secure_email_gatewaySecure Email Gateway
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-2747
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 14.17%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 08:46
Updated-05 Mar, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PGP Mixed Plaintext and Encrypted Content

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.

Action-Not Available
Vendor-seppmailSEPPmail
Product-seppmailSecure Email Gateway
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-27442
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-9.3||CRITICAL
EPSS-0.02% / 4.20%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 08:48
Updated-05 Mar, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zip_attachments Path Traversal

The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.

Action-Not Available
Vendor-seppmailSEPPmail
Product-seppmailSecure Email Gateway
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-29138
Matching Score-6
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-6
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.00%
||
7 Day CHG-0.02%
Published-02 Apr, 2026 | 08:47
Updated-16 Apr, 2026 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PGP Decryption Sender LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.

Action-Not Available
Vendor-seppmailSEPPmail
Product-secure_email_gatewaySecure Email Gateway
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2015-7294
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 79.88%
||
7 Day CHG~0.00%
Published-06 Sep, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.

Action-Not Available
Vendor-ldapauth-fork_projectn/a
Product-ldapauth-forkn/a
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2023-3447
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.6||HIGH
EPSS-0.19% / 41.45%
||
7 Day CHG~0.00%
Published-29 Jun, 2023 | 04:28
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable WordPress instance, to extract potentially sensitive information from the LDAP directory.

Action-Not Available
Vendor-miniorangecyberlord92
Product-active_directory_integration_\/_ldap_integrationActive Directory Integration / LDAP Integration
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2023-31025
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.09%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 18:31
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100DGX A100
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-5281
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.36% / 57.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 18:00
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LDAP connector injection in Perun

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

Action-Not Available
Vendor-cesnetCESNET
Product-perunperun
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
Details not found