CVE-2026-2743 is a path traversal vulnerability in the SeppMail User Web Interface's Large File Transfer (LFT) feature, affecting SeppMail 15.0.2.1 and earlier. The vulnerable upload handling in /v1/file.app accepts a user-controlled file path from JSON input and passes it to attachment storage logic without proper sanitization. By supplying traversal sequences such as '../', an attacker can escape the intended session directory and write files to arbitrary filesystem locations writable by the web application context. Public reporting states this arbitrary file write can be chained to remote code execution by overwriting /etc/syslog.conf with malicious syslog directives; when syslogd reloads the modified configuration, attacker-controlled commands are executed. The issue has been described as pre-authenticated, although one source notes self-registration is enabled by default and may make session acquisition trivial; the available reporting consistently indicates no meaningful privileges are required for exploitation.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A pre-authenticated remote code execution vulnerability in the SEPPmail Secure Email Gateway Large File Transfer component caused by arbitrary file write via unsanitized path traversal.
A critical path traversal flaw in the SeppMail User Web Interface LFT feature that enables arbitrary file write and can lead to remote code execution and full appliance takeover.
A pre-authenticated remote code execution vulnerability in SEPPMail's Large File Transfer component caused by arbitrary file write via path traversal, which can be chained to overwrite /etc/syslog.conf and achieve code execution.
An arbitrary file write via path traversal in the SeppMail User Web Interface (Large File Transfer/LFT feature) that can lead to remote code execution.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.