CVE-2026-44128

Published: Mag 08, 2026 Last Modified: Mag 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Incomplete

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Access Control Integrity Availability Other Non-Repudiation

Potential Impacts:

Read Files Or Directories Read Application Data Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities

Applicable Platforms

Languages: Interpreted, Java, JavaScript, Perl, PHP, Python, Ruby

Technologies: AI/ML

Likelihood of Exploit: Medium

View CWE Details

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html…

https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security

CVE-2026-44128

Description

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter