Ctrl + K
/ news / CVE
CVEPublished 2026-05-08Modified 2026-06-041 article on news5 live referencesNVD data

CVE-2026-7807Smartertools · Smartermail

Vulnerability data via NVD (ingested)

CVSS v3.1
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
3
Exploit Prediction Scoring System · top 97% of all CVEs
Weaknesses (CWE)
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users.

Timeline
Published 2026-05-08
Modified 2026-06-04

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-7807
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Smartertools Smartermail"
All exposed Smartertools Smartermail instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Smartermail"
HTTP body or banner mentions "Smartermail" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-7807
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-7807
Censys host search filtered to this CVE id.
grep.app
CVE-2026-7807
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-7807
GitHub code search for direct mentions.
Google dork
"CVE-2026-7807" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-78078 repos
Hack23/ciaJava
Citizen Intelligence Agency. Open-source intelligence platform analyzing Swedish political activities using AI and data visualization. Tracks politicians, government institutions, …
★ 229·updated 4d ago
tahirraufkeeyu/software-development-agent-stack--sdasAstro
Turn Claude into your team's teammate — 50 ready-to-install skills for engineering, security, devops, sales, marketing, and more.
★ 18·updated 1mo ago
liuzhen9320/zstarunknown
They said organizing stars was extremely troublesome, so I lent a hand.
★ 5·updated 4d ago
wrkzg-korvar/wrkzg-twitchbotC#
The open-source, local-first Twitch bot with a modern dashboard. Chat commands, moderation, polls, raffles, points — all running on your machine. No cloud, no subscriptions, no dat…
★ 4·updated 1mo ago
paulpas/agent-skill-routerTypeScript
Skills for AI Agents to leverage
★ 4·updated 4d ago
artsmc/claude-dev-agentsPython
Custom agents and commands for Claude Code - specialized development workflows
★ 3·updated 2w ago
Viicsr/bankercrmPython
★ 1·updated 3w ago
10xGuatemala/DiezX.Api.CommonsC#
Este módulo central está equipado con clases esenciales diseñadas para facilitar la implementación de APIs RESTful con módulos de Autorización y Autenticación básica de usuarios, u…
★ 1·updated 2w ago
Articles on news mentioning CVE-2026-7807