Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

SmarterTools SmarterMail Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

Exploited

Patched

A vulnerability in SmarterMail software, affecting versions Build 9406 and earlier, allows unauthenticated attackers to upload arbitrary files to any location on the mail server. This file upload capability could be exploited to execute remote code on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads on the mail server, with the potential for remote code execution.

Remediation

Users and administrators are advised to update to SmarterMail version Build 9413 immediately.

Added: Dec 29, 2025, 3:17 AM

Updated: Jan 26, 2026, 8:11 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

10.0

exploitability

9.3

remediation

7.7

relevance

1.8

threat

9.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

10.0

exploitability

9.3

remediation

7.7

relevance

1.8

threat

9.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

SmarterTools SmarterMail Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

SmarterTools SmarterMail

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating