CVE-2026-7807
SmarterTools · SmarterMail
SmarterTools SmarterMail contains a path traversal vulnerability in the API that allows authenticated users to read arbitrary files on the server.
Executive summary
A path traversal vulnerability in SmarterTools SmarterMail allows authenticated attackers to read sensitive files from the underlying server filesystem.
Vulnerability
This is a Local File Inclusion (LFI) / Path Traversal vulnerability (CWE-22) residing in the /api/v1/report/summary/{type} endpoint. The vulnerability requires the attacker to be an authenticated user to successfully manipulate path parameters and access unauthorized files.
Business impact
The ability for an authenticated user to read arbitrary files poses a severe risk to confidentiality. An attacker could potentially extract sensitive configuration files, system credentials, or user data, leading to full system compromise or lateral movement within the network. With a CVSS score of 8.1, this is a high-severity flaw that could result in significant data exfiltration.
Remediation
Immediate Action: Upgrade SmarterMail to build 9560 or later, as provided in the vendor security release.
Proactive Monitoring: Review access logs for the /api/v1/report/summary/ endpoint for unusual patterns, such as directory traversal sequences (e.g., "../").
Compensating Controls: Ensure that the service account running SmarterMail follows the principle of least privilege, restricting its ability to access files outside of the application's intended directory.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the potential for unauthorized file access, administrators should prioritize updating SmarterMail to build 9560. This patch effectively closes the directory traversal vector, preventing attackers from escalating their level of access beyond their authorized scope.