CVE-2026-7807

SmarterTools · SmarterMail

SmarterTools SmarterMail contains a path traversal vulnerability in the API that allows authenticated users to read arbitrary files on the server.

Executive summary

A path traversal vulnerability in SmarterTools SmarterMail allows authenticated attackers to read sensitive files from the underlying server filesystem.

Vulnerability

This is a Local File Inclusion (LFI) / Path Traversal vulnerability (CWE-22) residing in the /api/v1/report/summary/{type} endpoint. The vulnerability requires the attacker to be an authenticated user to successfully manipulate path parameters and access unauthorized files.

Business impact

The ability for an authenticated user to read arbitrary files poses a severe risk to confidentiality. An attacker could potentially extract sensitive configuration files, system credentials, or user data, leading to full system compromise or lateral movement within the network. With a CVSS score of 8.1, this is a high-severity flaw that could result in significant data exfiltration.

Remediation

Immediate Action: Upgrade SmarterMail to build 9560 or later, as provided in the vendor security release.

Proactive Monitoring: Review access logs for the /api/v1/report/summary/ endpoint for unusual patterns, such as directory traversal sequences (e.g., "../").

Compensating Controls: Ensure that the service account running SmarterMail follows the principle of least privilege, restricting its ability to access files outside of the application's intended directory.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the potential for unauthorized file access, administrators should prioritize updating SmarterMail to build 9560. This patch effectively closes the directory traversal vector, preventing attackers from escalating their level of access beyond their authorized scope.