{“lastseen”:””,”description”:”SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the \/api\/v1\/report\/summary\/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users.”,”published”:”2026-05-08T19:54:33.363Z”,”modified”:”2026-05-08T19:54:33.363Z”,”type”:”cve”,”title”:”SmarterTools SmarterMail \\u003c Build 9560 Server Local File Inclusion via the \/api\/v1\/report\/summary\/{type} API”,”source”:”VulnCheck”,”references”:”https:\/\/www.smartertools.com\/smartermail\/release-notes\/current\\nhttps:\/\/www.vulncheck.com\/advisories\/smartertools-smartermail-build-9560-server-local-file-inclusion-via-the-api-v1-report-summary-type-api”,”id”:”CVE-2026-7807″,”bulletinFamily”:””,”cwe”:[“CWE-22″],”cvelist”:null,”sourceData”:”SmarterTools Inc. SmarterMail 0″,”sourceHref”:””,”cvss”:{“score”:8.7,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”SmarterMail”,”version”:”0″,”vendor”:”SmarterTools Inc.”,”ai_description”:”Local file inclusion vulnerability in SmarterMail API”,”ai_severity”:”High”,”ai_vendor”:”SmarterTools Inc.”,”ai_product”:”SmarterMail”,”ai_version”:”\\u003c 9560″,”ai_score”:8.7}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the \/api\/v1\/report\/summary\/{type} API endpoint that allows authenticated users to read arbitrary .json…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,19,12,15,13,7,11,5],"class_list":["post-52621","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-87","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n