CVE-2026-25067

Medium CVSS: 6.9

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.

Vendor

Smartertools

Product

Smartermail

CWE

CWE-706

Yayın Tarihi

2026-01-29 05:16:13

Güncelleme

2026-03-09 14:29:14

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-706 Smartermail MEDIUM Smartertools 2026

Referanslar

https://www.smartertools.com/smartermail/release-notes/current https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-background-of-the-day-path-coercion

Benzer Kayıtlar

Critical

CVE-2026-24423

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in…

Critical

CVE-2026-23760

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password res…

Medium

CVE-2020-36926

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent…

Critical

CVE-2025-52691

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any lo…