SecAlerts

smartertools

Security Risk Profile

57/100 (medium)

Security Risk Score

Comprehensive risk assessment based on 60 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from December 31, 2004 to present

Total CVEs: 60
Critical+High: 20
Exploited: 10
Unpatched: 17

Threat Assessment

Avg CVSS (base severity): 6.6
Avg EPSS (exploit probability): 16%
Unpatched (Critical/High): 17
Risk Level: 57/100 (medium)
⚠️ 10 Active Exploits | 2 Zero-Days | 📈 2 in Last 30 Days

Severity Distribution

Critical: 10
High: 10
Medium: 33
Low: 0

Exploit Likelihood

>50% chance: 1
20-50%: 1
5-20%: 0
<5%: 3

Common Weaknesses (CWE)

1. XSS: 19
2. Infoleak: 5
3. Path Traversal: 3
4. Malicious File Upload: 2
5. Command Injection: 2

Most Affected Products

1. SmarterTools SmarterTrack: 52
2. SmarterTools SmarterMail: 50
3. SmarterTools SmarterStats: 18
4. SmarterTools SmarterMail Enterprise: 1

Recent Vulnerabilities

CVE-2026-7807
CVSS 8.7 | EPSS 0% | high

SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

5/8/2026 | 🔧 No Patch
CVE-2026-40514
CVSS 8.2 | high

SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

4/27/2026 | 🔧 No Patch
https://www.bleepingcomputer.com/news/security/telegram-channels-expose-rapid-weaponization-of-smartermail-flaws/
unknown

Telegram channels expose rapid weaponization of SmarterMail flaws

2/18/2026 | ⚠ Exploited | ⚡ Zero-Day | 🔧 No Patch
CVE-2026-26930
CVSS 7.2 | EPSS 0% | high
2/16/2026 | 🔧 No Patch
https://www.bleepingcomputer.com/news/security/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks/
unknown

CISA warns of SmarterMail RCE flaw used in ransomware attacks

2/6/2026 | ⚠ Exploited | 🔧 No Patch
CVE-2026-25067
CVSS 6.9 | EPSS 0% | medium

SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion

1/29/2026 | 🔧 No Patch
CVE-2026-24423
CVSS 9.8 | EPSS 23% | critical

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

1/23/2026 | ⚠ Exploited
https://www.bleepingcomputer.com/news/security/smartermail-auth-bypass-flaw-now-exploited-to-hijack-admin-accounts/
unknown

SmarterMail auth bypass flaw now exploited to hijack admin accounts

1/22/2026 | ⚠ Exploited | ⚡ Zero-Day | 🔧 No Patch
CVE-2026-23760
CVSS 9.8 | EPSS 56% | critical

SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability

1/22/2026 | ⚠ Exploited
CVE-2020-36926
CVSS 6.9 | medium

SmarterTools SmarterTrack 7922 - Information Disclosure

1/15/2026 | 🔧 No Patch

© 2026 SecAlerts Pty Ltd. All rights reserved.