CVE-2026-7807
Status: Received - Intake
SmarterMail Local File Inclusion and Credential Exposure

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: VulnCheck

Description
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users.
Meta Information
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: smartertools
Product: smartermail
Version / Range: up to 9560 (excluding)
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in SmarterTools SmarterMail builds prior to version 9560. It is a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint. Authenticated users can exploit this flaw to read arbitrary .json files on the system.

Additionally, attackers can combine this vulnerability with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and two-factor authentication (2FA) secrets for all users.


How can this vulnerability impact me?

The vulnerability allows attackers who have authenticated access to read arbitrary JSON files on the system, potentially exposing sensitive information.

By exploiting weak encryption and hardcoded keys, attackers can decrypt stored passwords and 2FA secrets, compromising user accounts and overall system security.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows authenticated users to read arbitrary .json files on the system, which can be exploited to decrypt and access stored passwords and two-factor authentication secrets for all users.

This exposure of sensitive authentication data could lead to unauthorized access to user accounts and sensitive information, potentially violating data protection requirements under regulations such as GDPR and HIPAA.

Organizations using affected versions of SmarterMail may face compliance risks due to inadequate protection of personal and authentication data, which are critical under these standards.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects SmarterTools SmarterMail versions prior to build 9560 and involves a local file inclusion flaw in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files.

To detect exploitation attempts or presence of this vulnerability on your system, you can monitor access logs for unusual or unauthorized requests to the /api/v1/report/summary/ endpoint, especially those attempting to access unexpected or sensitive .json files.

Suggested commands include searching web server or application logs for suspicious API calls. For example, using grep on Linux systems:

  • grep "/api/v1/report/summary/" /var/log/smartermail/access.log
  • grep -E "/api/v1/report/summary/.+\.json" /var/log/smartermail/access.log

Additionally, monitoring for authenticated user activity that requests unusual file paths or filenames in the API endpoint can help identify exploitation attempts.
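As an added example, not from the VulnCheck record or from SmarterTools, the following Python scanner applies the grep idea above more precisely: it inspects only requests to /api/v1/report/summary/ and flags a {type} segment that, after URL-decoding, contains a dot-dot sequence, a path separator, or a .json filename, since a legitimate report type is a plain name. The common-log-format layout, the field names, and the sample lines are all constructed assumptions, not real SmarterMail log output.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/api/v1/report/summary/"

# Common-log-format request line; the field layout is an assumption about the log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample access-log lines, not real SmarterMail output.
SAMPLE_LOG = """\
10.0.0.5 - alice [08/May/2026:10:01:02 +0000] "GET /api/v1/report/summary/traffic HTTP/1.1" 200 812
10.0.0.5 - alice [08/May/2026:10:01:09 +0000] "GET /api/v1/report/summary/spam HTTP/1.1" 200 640
10.0.0.9 - bob [08/May/2026:10:02:30 +0000] "GET /api/v1/report/summary/..%2F..%2Fconfig.json HTTP/1.1" 200 4096
10.0.0.9 - bob [08/May/2026:10:02:31 +0000] "GET /api/v1/report/summary/../../accounts.json HTTP/1.1" 200 2048
10.0.0.7 - carol [08/May/2026:10:03:00 +0000] "GET /api/v1/report/summary/disk.json HTTP/1.1" 404 0
10.0.0.7 - carol [08/May/2026:10:03:05 +0000] "GET /mail/inbox HTTP/1.1" 200 120
"""


def suspicious_reasons(type_segment: str) -> list[str]:
    """Return why the {type} segment looks like a file path rather than a report name."""
    decoded = unquote(unquote(type_segment))  # undo single and double URL-encoding
    reasons = []
    if ".." in decoded:
        reasons.append("dot-dot sequence")
    if "/" in decoded or "\\" in decoded:
        reasons.append("path separator in type segment")
    if decoded.lower().endswith(".json"):
        reasons.append(".json filename requested")
    return reasons


def scan_access_log(text: str) -> list[dict]:
    """Return one record per request to the report endpoint whose {type} is suspicious."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m.group("path").startswith(ENDPOINT):
            continue
        # Everything after the endpoint prefix is the {type} segment; drop any query string.
        segment = m.group("path")[len(ENDPOINT):].split("?", 1)[0]
        reasons = suspicious_reasons(segment)
        if reasons:
            hits.append({"ip": m.group("ip"), "user": m.group("user"),
                         "path": m.group("path"), "status": int(m.group("status")),
                         "reasons": reasons})
    return hits


if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_LOG):
        print(f'{h["user"]}@{h["ip"]} {h["status"]} {h["path"]} -> {", ".join(h["reasons"])}')
```

Note that a 404 response is still reported, because a failed request to an unexpected .json name is a useful sign of probing even when it returned nothing.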


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade SmarterMail to build 9560 or later, as versions prior to 9560 contain this vulnerability.

Until an upgrade can be performed, restrict access to the /api/v1/report/summary/{type} API endpoint to only trusted and authenticated users, and monitor for suspicious activity.

Additionally, review and strengthen encryption algorithms and avoid using hardcoded keys to protect stored passwords and 2FA secrets.

Implement network-level controls such as firewall rules to limit access to the SmarterMail server and its API endpoints.

