{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-8811","assignerOrgId":"455daabc-a392-441d-aa46-37d35189897c","state":"PUBLISHED","assignerShortName":"NCSC.ch","dateReserved":"2026-05-18T08:15:54.739Z","datePublished":"2026-06-18T09:05:46.285Z","dateUpdated":"2026-06-18T12:14:45.784Z"},"containers":{"cna":{"providerMetadata":{"orgId":"455daabc-a392-441d-aa46-37d35189897c","shortName":"NCSC.ch","dateUpdated":"2026-06-18T09:05:46.285Z"},"title":"Path traversal in PDF generation module","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-22","description":"CWE-22","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"affected":[{"vendor":"SEPPmail AG","product":"Secure Email Gateway","versions":[{"status":"affected","version":"0","lessThan":"15.0.5","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.</p>"}]}],"references":[{"url":"https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#possible-path-traversal-vulnerability"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":7.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L"}}],"credits":[{"lang":"en","value":"Andris Suter-Dörig (ETH Zürich, Applied Crypto Group)","type":"finder"},{"lang":"en","value":"Olivier Becker (InfoGuard AG)","type":"finder"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-18T12:09:49.487273Z","id":"CVE-2026-8811","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-18T12:14:45.784Z"}}]}}