SmarterTools SmarterMail
9 CVEs affecting SmarterTools SmarterMail. Latest disclosed: 2026-05-08. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-52691 | Critical | 10.0 | 2025-12-29 | Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially… |
| CVE-2026-7807 | High | 8.1 | 2026-05-08 | SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authen… |
| CVE-2026-26930 | High | 7.2 | 2026-02-16 | SmarterTools SmarterMail before 9526 allows XSS via MAPI requests. |
| CVE-2026-40514 | Medium | 5.9 | 2026-04-27 | SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys an… |
| CVE-2026-25067 | | | 2026-01-29 | SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. Th… |
| CVE-2026-24423 | | | 2026-01-23 | SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attack… |
| CVE-2026-23760 | | | 2026-01-22 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoi… |
| CVE-2012-2578 | | | 2012-09-19 | Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body… |
| CVE-2010-3486 | | | 2010-09-22 | Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slas… |