Exposure of Sensitive Information to an Unauthorized Actor_CVE-2026-7864

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.

Basic Information

ID CVE-2026-7864

Source NCSC.ch

Published May 8, 2026 at 13:12

Affected Product

Vendor SEPPmail AG

Product Secure Email Gateway

Affected Versions SEPPmail AG Secure Email Gateway 0

CWE Classification

CWE-497

References

downloads.seppmail.com /extrelnotes/150/ERN15.0.html

{
    "lastseen": "",
    "description": "SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.",
    "published": "2026-05-08T13:12:17.617Z",
    "modified": "2026-05-08T13:12:17.617Z",
    "type": "cve",
    "title": "Exposure of Sensitive Information to an Unauthorized Actor",
    "source": "NCSC.ch",
    "references": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security",
    "id": "CVE-2026-7864",
    "bulletinFamily": "",
    "cwe": [
        "CWE-497"
    ],
    "cvelist": null,
    "sourceData": "SEPPmail AG Secure Email Gateway 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Email Gateway",
    "version": "0",
    "vendor": "SEPPmail AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}