← back
CVE-2026-2743

SEPPmail User Web Interface Arbitrary File Write to RCE

CVSS 10 CRITICALEPSS 0.8%CWE-22CWE-434
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y
Affected products
SeppMail · SeppMail

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://downloads.seppmail.com/extrelnotes/150/ERN15.0.htmlhttps://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/