{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29143", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2026-03-04T09:08:07.342Z", "datePublished": "2026-04-02T08:49:31.012Z", "dateUpdated": "2026-04-02T13:34:31.668Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-02T08:49:31.012Z"}, "title": "S/MIME Decryption Impersonation", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-43", "descriptions": [{"lang": "en", "value": "CAPEC-43 Exploiting Multiple Input Interpretation Layers"}]}, {"capecId": "CAPEC-194", "descriptions": [{"lang": "en", "value": "CAPEC-194 Fake the Source of Data"}]}], "affected": [{"vendor": "SEPPmail", "product": "Secure Email Gateway", "versions": [{"status": "affected", "version": "0", "lessThan": "15.0.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:seppmail:seppmail_secure_email_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "15.0.3"}]}]}], "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers."}]}], "references": [{"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503", "tags": ["release-notes"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N"}}], "timeline": [{"time": "2025-10-31T14:22:00.000Z", "lang": "en", "value": "Vulnerability disclosed to SEPPmail"}, {"time": "2026-03-03T00:00:00.000Z", "lang": "en", "value": "Version 15.0.3 released"}], "credits": [{"lang": "en", "value": "Andris Suter-D\u00f6rig", "type": "finder"}, {"lang": "en", "value": "Matteo Scarlata", "type": "coordinator"}, {"lang": "en", "value": "Kenny Paterson", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T13:34:22.865322Z", "id": "CVE-2026-29143", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:34:31.668Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29143", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T13:34:22.865322Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:34:26.815Z"}}], "cna": {"title": "S/MIME Decryption Impersonation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Andris Suter-D\u00f6rig"}, {"lang": "en", "type": "coordinator", "value": "Matteo Scarlata"}, {"lang": "en", "type": "coordinator", "value": "Kenny Paterson"}], "impacts": [{"capecId": "CAPEC-43", "descriptions": [{"lang": "en", "value": "CAPEC-43 Exploiting Multiple Input Interpretation Layers"}]}, {"capecId": "CAPEC-194", "descriptions": [{"lang": "en", "value": "CAPEC-194 Fake the Source of Data"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SEPPmail", "product": "Secure Email Gateway", "versions": [{"status": "affected", "version": "0", "lessThan": "15.0.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-31T14:22:00.000Z", "value": "Vulnerability disclosed to SEPPmail"}, {"lang": "en", "time": "2026-03-03T00:00:00.000Z", "value": "Version 15.0.3 released"}], "references": [{"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.", "supportingMedia": [{"type": "text/html", "value": "SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:seppmail:seppmail_secure_email_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.0.3", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-02T08:49:31.012Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29143", "state": "PUBLISHED", "dateUpdated": "2026-04-02T13:34:31.668Z", "dateReserved": "2026-03-04T09:08:07.342Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2026-04-02T08:49:31.012Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:seppmail:secure_email_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3729650-81CA-4311-94BF-14A7A191F8D1", "versionEndExcluding": "15.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers."}], "id": "CVE-2026-29143", "lastModified": "2026-04-16T18:58:05.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2026-04-02T09:16:23.123", "references": [{"source": "vulnerability@ncsc.ch", "tags": ["Release Notes"], "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.0.3)"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 87.0, "source": "matching"}]}, "original": {"product": "Secure Email Gateway", "source": "cna", "vendor": "SEPPmail"}, "product": "seppmail_secure_email_gateway", "vendor": "seppmail"}], "analysis": {"en": {"generated_at": "2026-04-02T10:50:54.817622+00:00", "value": {"mitigation_remediation": ["Verify the SEPPmail Secure Email Gateway version currently in use", "Back up existing configurations and gateway data", "Apply the official security update to version 15.0.3 or later", "Confirm that S/MIME messages are now processed with proper header authentication"], "summary": {"action": "Patch", "impact": "Impersonation via trusted header manipulation"}, "threat_synthesis": {"affected_systems": "All installations of SEPPmail Secure Email Gateway assigned to the vendor SEPPmail and running a version earlier than 15.0.3 are affected. Any instance that processes S/MIME messages is potentially vulnerable, regardless of environment or configuration.", "description_and_impact": "SEPPmail Secure Email Gateway fails to validate the inner message of S/MIME\u2011encrypted MIME entities, allowing an attacker to set or alter trusted email headers. This can lead to forged message origins and makes recipients believe the mail comes from a legitimate sender. The flaw is an instance of improper input validation and is classified as CWE\u201120. The vulnerability can compromise data integrity and enable phishing, spoofing, or other social\u2011engineering attacks.", "risk_and_exploitability": "The CVSS score of 7.8 reflects a high severity, indicating that successful exploitation would expose the system to significant impact on confidentiality and integrity. Although EPSS data is unavailable and the vulnerability is not listed in the KEV catalog, the lack of those metrics does not lower the real\u2011world risk. Based on the description, the likely attack vector involves the delivery of a crafted S/MIME email to the gateway; an attacker must control or inject messages into the email flow to an affected system. Once triggered, the attacker can alter trusted headers to impersonate a sender or bypass authentication checks, making the risk considerable for organizations relying on S/MIME for secure communications."}}}}, "created": "2026-04-02T20:15:25.263077+00:00", "updated": "2026-04-02T20:21:43.557057+00:00", "vendors": ["seppmail", "seppmail$PRODUCT$seppmail_secure_email_gateway"]}