High severity8.1NVD Advisory· Published May 8, 2026· Updated Jun 4, 2026
CVE-2026-7807
CVE-2026-7807
Description
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*range: <100.0.9560
- (no CPE)range: <9560
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.