CVE-2026-27441
CRITICAL WAF: High
CVSS 9.8
Published: 2026-03-04
CWE-78
SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| seppmail | seppmail | up to 15.0.1 |
References
- downloads.seppmail.com (Vendor Advisory)