CVE 9.2 CRITICAL

Insecure deserialization_CVE-2026-44126

May 8, 2026 invoker category_cve

9.2 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.

AI Analysis

Insecure deserialization vulnerability in SEPPmail Secure Email Gateway, allowing unauthenticated remote attackers to execute code via a crafted serialized object.

Basic Information

ID CVE-2026-44126

Source NCSC.ch

Published May 8, 2026 at 13:15

Affected Product

Vendor SEPPmail AG

Product Secure Email Gateway

Affected Versions SEPPmail AG Secure Email Gateway 0

CWE Classification

CWE-502

AI Assessment

AI Score 9.2 / 10

AI Severity Critical

Vendor SEPPmail AG

Product Secure Email Gateway

Version before 15.0.4

References

downloads.seppmail.com /extrelnotes/150/ERN15.0.html

{
    "lastseen": "",
    "description": "SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.",
    "published": "2026-05-08T13:15:52.032Z",
    "modified": "2026-05-08T13:15:52.032Z",
    "type": "cve",
    "title": "Insecure deserialization",
    "source": "NCSC.ch",
    "references": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security",
    "id": "CVE-2026-44126",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "SEPPmail AG Secure Email Gateway 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.2,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Email Gateway",
    "version": "0",
    "vendor": "SEPPmail AG",
    "ai_description": "Insecure deserialization vulnerability in SEPPmail Secure Email Gateway, allowing unauthenticated remote attackers to execute code via a crafted serialized object.",
    "ai_severity": "Critical",
    "ai_vendor": "SEPPmail AG",
    "ai_product": "Secure Email Gateway",
    "ai_version": "before 15.0.4",
    "ai_score": 9.2
}

💭 Join the Security Discussion ❌ Cancel Reply