What is GHSA-3hq3-ff7h-6mf5?

GHSA-3hq3-ff7h-6mf5 is a security advisory published by GitHub Security Advisories with Critical severity. Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web...

Which CVE IDs does GHSA-3hq3-ff7h-6mf5 cover?

GHSA-3hq3-ff7h-6mf5 covers the following CVE IDs: CVE-2026-2743. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-3hq3-ff7h-6mf5?

GHSA-3hq3-ff7h-6mf5 has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-3hq3-ff7h-6mf5CriticalCVSS 9.8

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web...

Vendor

GitHub Security Advisories

Published

March 5, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-2743 →

📋 Description

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-2743
https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html
https://labs.infoguard.ch/advisories/seppmail
https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128
https://github.com/advisories/GHSA-3hq3-ff7h-6mf5