Vulnerability Description
SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SmarterTools | SmarterMail | < 100.0.9518 |
Related Weaknesses (CWE)
References
- https://www.smartertools.com/smartermail/release-notes/current (Release Notes)
- https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-ba (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2026-25067?
CVE-2026-25067 is a vulnerability with a CVSS score of 5.3 (MEDIUM). SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-sup...
How severe is CVE-2026-25067?
CVE-2026-25067 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25067?
Check the references section above for vendor advisories and patch information. Affected products include: SmarterTools SmarterMail.