🔐 CVE Alert

CVE-2026-25067

UNKNOWN 0.0

SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.
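
A server-side check that addresses the missing validation described above, as an added example; it is not SmarterMail's code, which this page does not show. The function name and `ALLOWED_ROOT` are assumptions made for illustration, and `ntpath` is used so Windows path rules apply whatever OS the check runs on.

```python
import base64
import binascii
import ntpath

# Assumed directory for illustration; not SmarterMail's real layout.
ALLOWED_ROOT = r"C:\App\Backgrounds"

def resolve_preview_path(b64_value, root=ALLOWED_ROOT):
    """Decode a base64 path parameter; return a path under root or raise ValueError."""
    try:
        raw = base64.b64decode(b64_value, validate=True)
        rel = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("not valid base64/UTF-8") from exc
    if not rel or "\x00" in rel:
        raise ValueError("empty path or NUL byte")
    # Windows accepts both separators, so normalise before inspecting.
    norm = rel.replace("/", "\\")
    # \\host\share, \\?\UNC\host\share and \\.\device all begin with two separators.
    if norm.startswith("\\\\"):
        raise ValueError("UNC or device path rejected")
    drive, _ = ntpath.splitdrive(norm)
    if drive or norm.startswith("\\"):
        raise ValueError("absolute or drive-qualified path rejected")
    # Collapse .. segments, then confirm the result is still under the root.
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, norm))
    if ntpath.commonpath([root_norm, candidate]).lower() != root_norm.lower():
        raise ValueError("path escapes the allowed directory")
    return candidate
```

Rejecting the value before any filesystem call matters here, because on Windows merely opening or stat-ing a UNC path is enough to trigger the outbound SMB authentication.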

CWE: CWE-706
Vendor: smartertools
Product: smartermail
Published: Jan 29, 2026
Last Updated: Mar 5, 2026

Affected Versions

SmarterTools / SmarterMail
0 < 100.0.9518

References

smartertools.com: https://www.smartertools.com/smartermail/release-notes/current
vulncheck.com: https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-background-of-the-day-path-coercion

Credits

Cale Black of VulnCheck