What is GHSA-hp2p-h743-jhv4?

GHSA-hp2p-h743-jhv4 is a security advisory published by GitHub Security Advisories with High severity. SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted...

Which CVE IDs does GHSA-hp2p-h743-jhv4 cover?

GHSA-hp2p-h743-jhv4 covers the following CVE IDs: CVE-2026-8811. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-hp2p-h743-jhv4High

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted...

Vendor

GitHub Security Advisories

Published

June 18, 2026

Last Modified

June 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-8811 →

📋 Description

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-8811
https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#possible-path-traversal-vulnerability
https://github.com/advisories/GHSA-hp2p-h743-jhv4