PatchSiren

SmarterTools Inc. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH SmarterTools Inc. CVE published 2026-05-08

CVE-2026-7807

CVE-2026-7807 is a HIGH-severity vulnerability in SmarterTools SmarterMail builds prior to 9560. The vulnerability allows authenticated users to read arbitrary .json files on the system via the /api/v1/report/summary/{type} API endpoint. This can be combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users. The CVSS score for this vuln [truncated]

HIGH SmarterTools Inc. CVE published 2026-04-27

CVE-2026-40514

CVE-2026-40514 is a HIGH-severity vulnerability in SmarterTools SmarterMail builds prior to 9610. The vulnerability is caused by a cryptographic weakness in the file and email sharing endpoints, which use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy. This reduces the seed space to approximately 19,000 possible values, allowing an unaut [truncated]