Path traversal in PDF generation module_CVE-2026-8811

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L

Description

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.

Basic Information

ID CVE-2026-8811

Source NCSC.ch

Published Jun 18, 2026 at 09:05

Modified Jun 18, 2026 at 12:14

Affected Product

Vendor SEPPmail AG

Product Secure Email Gateway

Affected Versions SEPPmail AG Secure Email Gateway 0

CWE Classification

CWE-22

References

downloads.seppmail.com /extrelnotes/150/ERN15.0.html

{
    "lastseen": "",
    "description": "SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.",
    "published": "2026-06-18T09:05:46.285Z",
    "modified": "2026-06-18T12:14:45.784Z",
    "type": "cve",
    "title": "Path traversal in PDF generation module",
    "source": "NCSC.ch",
    "references": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#possible-path-traversal-vulnerability",
    "id": "CVE-2026-8811",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "SEPPmail AG Secure Email Gateway 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Email Gateway",
    "version": "0",
    "vendor": "SEPPmail AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}