{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2743", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2026-02-19T12:28:37.148Z", "datePublished": "2026-03-05T06:45:21.753Z", "dateUpdated": "2026-03-05T15:18:26.038Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["GINA User Web Interface"], "platforms": ["Linux"], "product": "SeppMail", "vendor": "SeppMail", "versions": [{"lessThanOrEqual": "15.0.2.1", "status": "affected", "version": "unknown", "versionType": "-"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Manuel Feifel and Dario Weiss of InfoGuard Labs"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). <p>This issue affects SeppMail: 15.0.2.1 and before</p>"}], "value": "Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "exploitMaturity": "ATTACKED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-03-05T06:45:21.753Z"}, "references": [{"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html"}, {"url": "https://labs.infoguard.ch/advisories/seppmail"}], "source": {"discovery": "UNKNOWN"}, "title": "SEPPmail User Web Interface Arbitrary File Write to RCE", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:18:18.048322Z", "id": "CVE-2026-2743", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:18:26.038Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2743", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T15:18:18.048322Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:18:22.097Z"}}], "cna": {"title": "SEPPmail User Web Interface Arbitrary File Write to RCE", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Manuel Feifel and Dario Weiss of InfoGuard Labs"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y", "exploitMaturity": "ATTACKED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SeppMail", "modules": ["GINA User Web Interface"], "product": "SeppMail", "versions": [{"status": "affected", "version": "unknown", "versionType": "-", "lessThanOrEqual": "15.0.2.1"}], "platforms": ["Linux"], "defaultStatus": "unknown"}], "references": [{"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html"}, {"url": "https://labs.infoguard.ch/advisories/seppmail"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before", "supportingMedia": [{"type": "text/html", "value": "Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). <p>This issue affects SeppMail: 15.0.2.1 and before</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-03-05T06:45:21.753Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2743", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:18:26.038Z", "dateReserved": "2026-02-19T12:28:37.148Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2026-03-05T06:45:21.753Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:seppmail:seppmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADABBDE5-D0B9-4A42-B997-81C811C7FADA", "versionEndIncluding": "15.0.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before"}, {"lang": "es", "value": "Escritura arbitraria de archivos mediante carga por salto de ruta que lleva a ejecuci\u00f3n remota de c\u00f3digo en la interfaz web de usuario de SeppMail. La caracter\u00edstica afectada es la transferencia de archivos grandes (LFT). Este problema afecta a SeppMail: 15.0.2.1 y versiones anteriores."}], "id": "CVE-2026-2743", "lastModified": "2026-03-09T18:31:01.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "ATTACKED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2026-03-05T07:16:14.670", "references": [{"source": "vulnerability@ncsc.ch", "tags": ["Release Notes"], "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html"}, {"source": "vulnerability@ncsc.ch", "tags": ["Third Party Advisory"], "url": "https://labs.infoguard.ch/advisories/seppmail"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-434"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.0.2.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SeppMail", "source": "cna", "vendor": "SeppMail"}, "product": "seppmail", "vendor": "seppmail"}], "analysis": {"en": {"generated_at": "2026-04-16T12:31:49.999113+00:00", "value": {"mitigation_remediation": ["Upgrade SeppMail to a version newer than 15.0.2.1 when the vendor releases an update that resolves the path traversal issue.", "If an upgrade is not immediately available, disable the large file transfer feature or restrict its usage to trusted administrators to block the upload path.", "Apply general file\u2011upload hardening best practices: enforce strict path validation, restrict writable directories, and allow only approved file types to mitigate potential future exploitation."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw impacts SeppMail installations with the User Web Interface, specifically versions 15.0.2.1 and earlier. All environments running these releases, regardless of deployment size or configuration, are susceptible as the LFT feature is enabled by default.", "description_and_impact": "SeppMail\u2019s large file transfer (LFT) feature permits an attacker to upload files using a path traversal flaw, allowing arbitrary file writes on the host. The written files can contain executable code or web shells, enabling full control of the server. The vulnerability sits on CWE\u201122 and CWE\u2011434 weaknesses: path traversal in the upload handler and unrestricted upload of dangerous file types, respectively. The principal consequence is a breach of confidentiality, integrity, and availability of the mail server and its underlying system.", "risk_and_exploitability": "The assigned CVSS score of 10 reflects maximal severity, and the exploitation probability is reported as less than 1\u202f% in EPSS, indicating a rare but plausible threat. The issue is not yet listed in the CISA KEV catalog. Because the attack requires access to the web interface and the ability to submit a file, the most likely vector is an authenticated user who can manipulate file names to bypass directory restrictions. No publicly available exploit code is known, but the high impact warrants immediate remediation."}}}}, "created": "2026-03-06T15:08:04.735908+00:00", "updated": "2026-04-16T12:45:35.842200+00:00", "vendors": ["seppmail", "seppmail$PRODUCT$seppmail"]}