Path traversal in PDF generation module
Summary
| CVE | CVE-2026-8811 |
|---|---|
| State | PUBLISHED |
| Assigner | NCSC.ch |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-18 13:25:46 UTC |
| Updated | 2026-06-22 19:45:16 UTC |
| Description | SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations. |
Risk And Classification
Primary CVSS: v4.0 7.1 HIGH from [email protected]
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.003190000 probability, percentile 0.235830000 (date 2026-06-25)
Problem Types: CWE-22
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 7.1 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/C... |
| 4.0 | CNA | CVSS | 7.1 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L |
CVSS v4.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Attack Requirements | Present |
| Privileges Required | Low |
| User Interaction | None |
| Confidentiality | None |
| Integrity | High |
| Availability | Low |
| Sub Conf. | None |
| Sub Integrity | High |
| Sub Availability | Low |

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | SEPPmail AG | Secure Email Gateway | affected 15.0.5 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| downloads.seppmail.com/extrelnotes/150/ERN15.0.html | [email protected] | downloads.seppmail.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Andris Suter-Dörig (ETH Zürich, Applied Crypto Group) (en)
CNA: Olivier Becker (InfoGuard AG) (en)
There are currently no legacy QID mappings associated with this CVE.