What the vulnerability does
01Description
SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.
CVSS base score
9.5/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L
Key dates
02Disclosure timeline
March 4, 2026
CVE published
March 4, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-66211 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init Script Filename
CVE-2024-50376
CVE-2025-6620 TOTOLINK CA300-PoE upgrade.so setUpgradeUboot os command injection
CVE-2025-59156 Coolify has Docker Compose Injection issue
CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
