{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29144", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2026-03-04T09:08:07.342Z", "datePublished": "2026-04-02T08:50:55.713Z", "dateUpdated": "2026-04-02T13:32:54.711Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-02T08:50:55.713Z"}, "title": "Unicode Subject Tags", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-632", "descriptions": [{"lang": "en", "value": "CAPEC-632 Homograph Attack via Homoglyphs"}]}, {"capecId": "CAPEC-473", "descriptions": [{"lang": "en", "value": "CAPEC-473 Signature Spoof"}]}], "affected": [{"vendor": "SEPPmail", "product": "Secure Email Gateway", "versions": [{"status": "affected", "version": "0", "lessThan": "15.0.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:seppmail:seppmail_secure_email_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "15.0.3"}]}]}], "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters."}]}], "references": [{"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503", "tags": ["release-notes"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N"}}], "timeline": [{"time": "2025-10-31T14:22:00.000Z", "lang": "en", "value": "Vulnerability disclosed to SEPPmail"}, {"time": "2026-03-03T00:00:00.000Z", "lang": "en", "value": "Version 15.0.3 released"}], "credits": [{"lang": "en", "value": "Andris Suter-D\u00f6rig", "type": "finder"}, {"lang": "en", "value": "Matteo Scarlata", "type": "coordinator"}, {"lang": "en", "value": "Kenny Paterson", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T13:32:44.731737Z", "id": "CVE-2026-29144", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:32:54.711Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29144", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T13:32:44.731737Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:32:49.787Z"}}], "cna": {"title": "Unicode Subject Tags", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Andris Suter-D\u00f6rig"}, {"lang": "en", "type": "coordinator", "value": "Matteo Scarlata"}, {"lang": "en", "type": "coordinator", "value": "Kenny Paterson"}], "impacts": [{"capecId": "CAPEC-632", "descriptions": [{"lang": "en", "value": "CAPEC-632 Homograph Attack via Homoglyphs"}]}, {"capecId": "CAPEC-473", "descriptions": [{"lang": "en", "value": "CAPEC-473 Signature Spoof"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SEPPmail", "product": "Secure Email Gateway", "versions": [{"status": "affected", "version": "0", "lessThan": "15.0.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-31T14:22:00.000Z", "value": "Vulnerability disclosed to SEPPmail"}, {"lang": "en", "time": "2026-03-03T00:00:00.000Z", "value": "Version 15.0.3 released"}], "references": [{"url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.", "supportingMedia": [{"type": "text/html", "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:seppmail:seppmail_secure_email_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.0.3", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-02T08:50:55.713Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29144", "state": "PUBLISHED", "dateUpdated": "2026-04-02T13:32:54.711Z", "dateReserved": "2026-03-04T09:08:07.342Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2026-04-02T08:50:55.713Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:seppmail:secure_email_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3729650-81CA-4311-94BF-14A7A191F8D1", "versionEndExcluding": "15.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters."}], "id": "CVE-2026-29144", "lastModified": "2026-04-16T19:00:40.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2026-04-02T09:16:23.293", "references": [{"source": "vulnerability@ncsc.ch", "tags": ["Release Notes"], "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,15.0.3)"}}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 87.0, "source": "matching"}]}, "original": {"product": "Secure Email Gateway", "source": "cna", "vendor": "SEPPmail"}, "product": "seppmail_secure_email_gateway", "vendor": "seppmail"}], "analysis": {"en": {"generated_at": "2026-04-02T10:23:15.498614+00:00", "value": {"mitigation_remediation": ["Upgrade SEPPmail Secure Email Gateway to version 15.0.3 or later.", "Verify that the upgrade has been successfully applied and that subject sanitization is enforced.", "Monitor mail logs for attempts to use forged security tags in the subject field."], "summary": {"action": "Apply Patch", "impact": "Unauthorized email tag manipulation leading to security bypass"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the SEPPmail Secure Email Gateway product from SEPPmail, specifically any installations running versions earlier than 15.0.3. The affected component is the subject parsing and sanitization routine that interprets Unicode characters as if they were plain ASCII tags.", "description_and_impact": "SEPPmail Secure Email Gateway before version 15.0.3 accepts Unicode characters that look like standard ASCII in the subject field. This allows an attacker to bypass the gateway\u2019s subject sanitization and forge security tags that the system uses for filtering or forwarding. The result is that the attacker can misrepresent an email\u2019s security status, potentially causing the message to be treated as legitimate even though it should be flagged or blocked.", "risk_and_exploitability": "With a CVSS score of 7.8 the flaw is considered high severity. The exploit would be performed by sending a specially crafted email that uses lookalike Unicode characters in the subject line. EPSS data are not available, and the flaw is not listed in the CISA KEV catalog, so there is no confirmed public exploitation yet, but the vulnerability remains a significant risk pending an update."}}}}, "created": "2026-04-02T20:13:03.334552+00:00", "updated": "2026-04-02T20:21:42.550413+00:00", "vendors": ["seppmail", "seppmail$PRODUCT$seppmail_secure_email_gateway"]}