CVE 9.3 CRITICAL

Missing Authorization in GINAv2_CVE-2026-44125

May 8, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

AI Analysis

Unauthenticated remote attackers can access functionality that should require a valid session due to missing authorization checks in the GINA UI

Basic Information

ID CVE-2026-44125

Source NCSC.ch

Published May 8, 2026 at 13:15

Affected Product

Vendor SEPPmail AG

Product Secure Email Gateway

Affected Versions SEPPmail AG Secure Email Gateway 0

CWE Classification

CWE-862

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor SEPPmail AG

Product Secure Email Gateway

Version before 15.0.4

References

downloads.seppmail.com /extrelnotes/150/ERN15.0.html

{
    "lastseen": "",
    "description": "SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.",
    "published": "2026-05-08T13:15:07.947Z",
    "modified": "2026-05-08T13:15:07.947Z",
    "type": "cve",
    "title": "Missing Authorization in GINAv2",
    "source": "NCSC.ch",
    "references": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security",
    "id": "CVE-2026-44125",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SEPPmail AG Secure Email Gateway 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Email Gateway",
    "version": "0",
    "vendor": "SEPPmail AG",
    "ai_description": "Unauthenticated remote attackers can access functionality that should require a valid session due to missing authorization checks in the GINA UI",
    "ai_severity": "Critical",
    "ai_vendor": "SEPPmail AG",
    "ai_product": "Secure Email Gateway",
    "ai_version": "before 15.0.4",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply