The S/MIME specification allows a Cipher Block Chaining malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.