New Appliance Release 15.0.3 / CVEs added
Information notice
SEPPmail Appliances
Appliance Release Info
Updates
Information
March 5, 2026 · 10:17 CET
A new SEPPmail Appliance release has been published.
With this release we closed another batch of the ETH Zurich findings:
- High: S/MIME Signature Additional Certificate CVE-2026-29140
- High: Bounded Subject Tag Sanitization CVE-2026-29141
- High: Plaintext secure-mail.html CVE-2026-29142
- High: S/MIME Decryption Impersonation CVE-2026-29143
- High: Unicode Subject Tags CVE-2026-29144
- High: GINA State Confusion Account Takeover CVE-2026-29139
- Medium: PGP Decryption Recipient LDAP Injection CVE-2026-29131
- Low: ESWmail-Verify Bypass CVE-2026-29132
- Low: UID Regex Bypass CVE-2026-29133
- Low: GINA Domain Switch CVE-2026-29134
- Low: Webmail Password Tag Sanitization Bypass CVE-2026-29135
- Low: CA Notification HTML Injection CVE-2026-29136
- Low: Long Subject Untagging CVE-2026-29137
-
Low: PGP Decryption Sender LDAP Injection CVE-2026-29138
and a possible path traversal found by Infoguard CVE-2026-2743
We also updated OpenBSD 7.7 to errata 23 and fixed a list of smaller issues.
Please see the revision history and the extended release notes for further details.
← Back