CVE-2026-25067

EUVD-2026-4974

29.01.2026, 05:16

SmarterTools SmarterMail versions prior to build 9518  contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Common Weakness Enumeration

CWE-706 - Use of Incorrectly-Resolved Name or Reference
The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

References

https://www.smartertools.com/smartermail/release-notes/current

https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-background-of-the-day-path-coercion