{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29132", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2026-03-04T09:08:03.277Z", "datePublished": "2026-04-02T08:25:00.574Z", "dateUpdated": "2026-04-02T14:50:57.915Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-02T08:25:00.574Z"}, "title": "ESWmail-Verify Bypass", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-87", "descriptions": [{"lang": "en", "value": "CAPEC-87 Forceful Browsing"}]}], "affected": [{"vendor": "SEPPmail", "product": "Secure Email Gateway", "versions": [{"status": "affected", "version": "0", "lessThan": "15.0.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:seppmail:seppmail_secure_email_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "15.0.3"}]}]}], "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails."}]}], "references": [{"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503", "tags": ["release-notes"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"}}], "timeline": [{"time": "2025-10-31T14:22:00.000Z", "lang": "en", "value": "Vulnerability disclosed to SEPPmail"}, {"time": "2026-03-03T00:00:00.000Z", "lang": "en", "value": "Version 15.0.3 released"}], "credits": [{"lang": "en", "value": "Andris Suter-D\u00f6rig", "type": "finder"}, {"lang": "en", "value": "Matteo Scarlata", "type": "coordinator"}, {"lang": "en", "value": "Kenny Paterson", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T14:50:46.244390Z", "id": "CVE-2026-29132", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:50:57.915Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29132", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T14:50:46.244390Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:50:53.768Z"}}], "cna": {"title": "ESWmail-Verify Bypass", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Andris Suter-D\u00f6rig"}, {"lang": "en", "type": "coordinator", "value": "Matteo Scarlata"}, {"lang": "en", "type": "coordinator", "value": "Kenny Paterson"}], "impacts": [{"capecId": "CAPEC-87", "descriptions": [{"lang": "en", "value": "CAPEC-87 Forceful Browsing"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SEPPmail", "product": "Secure Email Gateway", "versions": [{"status": "affected", "version": "0", "lessThan": "15.0.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-31T14:22:00.000Z", "value": "Vulnerability disclosed to SEPPmail"}, {"lang": "en", "time": "2026-03-03T00:00:00.000Z", "value": "Version 15.0.3 released"}], "references": [{"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.", "supportingMedia": [{"type": "text/html", "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:seppmail:seppmail_secure_email_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.0.3", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-02T08:25:00.574Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29132", "state": "PUBLISHED", "dateUpdated": "2026-04-02T14:50:57.915Z", "dateReserved": "2026-03-04T09:08:03.277Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2026-04-02T08:25:00.574Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:seppmail:secure_email_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3729650-81CA-4311-94BF-14A7A191F8D1", "versionEndExcluding": "15.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails."}], "id": "CVE-2026-29132", "lastModified": "2026-04-16T19:07:33.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2026-04-02T09:16:21.327", "references": [{"source": "vulnerability@ncsc.ch", "tags": ["Release Notes"], "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.0.3)"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 87.0, "source": "matching"}]}, "original": {"product": "Secure Email Gateway", "source": "cna", "vendor": "SEPPmail"}, "product": "seppmail_secure_email_gateway", "vendor": "seppmail"}], "analysis": {"en": {"generated_at": "2026-04-02T09:50:49.548991+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch that updates SEPPmail Secure Email Gateway to version 15.0.3 or later."], "summary": {"action": "Patch", "impact": "Unauthorized reading of protected emails"}, "threat_synthesis": {"affected_systems": "Any installation of SEPPmail Secure Email Gateway running a version earlier than 15.0.3 is impacted. Systems that deploy the affected software must be assessed for the presence of this vulnerability.", "description_and_impact": "SEPPmail Secure Email Gateway versions prior to 15.0.3 contain a flaw that allows an attacker who can access a victim\u2019s GINA account to bypass a secondary password verification step and read encrypted or protected emails. This missing authentication weakness (CWE\u2011306) exposes confidential information to an unauthorized party, giving the attacker potential access to sensitive communications. The primary impact is confidentiality loss, as the attacker can view content that should be restricted to authorized users.", "risk_and_exploitability": "The CVSS base score of 6.3 indicates moderate severity. EPSS data is not available, and the issue is not listed in the CISA KEV catalog, suggesting limited evidence of widespread exploitation. Exploitation requires access to a victim's GINA account; once such an account is compromised, the attacker can read protected messages. Because the vulnerability is internal to the gateway logic and requires legitimate credentials, the overall risk remains moderate but serious for environments handling sensitive mail."}}}}, "created": "2026-04-02T20:15:35.970181+00:00", "updated": "2026-04-02T20:22:11.529749+00:00", "vendors": ["seppmail", "seppmail$PRODUCT$seppmail_secure_email_gateway"]}