Vulnerability in Smartertools Smartermail

CVE-2026-25067

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem…

EPSS: 0.000 (8.5th percentile) — read the EPSS interpretation.

Affected products

Smartertools Smartermail — versions 0

Weakness classification (CWE)

CWE-706 — Use of Incorrectly-Resolved Name or Reference

References

www.smartertools.com/smartermail/release-notes/current (release-notes, patch)
www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-backgroun… (third-party-advisory)