CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2025-52691

CVSS 10.0v3.1pub. 2025-12-29upd. 2026-01-27

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

🤖 AI Analysis
How it works

The vulnerability (CWE-434 — unrestricted upload of file with dangerous type) allows an unauthenticated attacker to upload a file of any type to a selected location on the server. The lack of user identity verification and lack of control over the type and destination of the uploaded file means that an attacker can place, for example, a webshell or other malicious executable code directly on the server. Then the attacker can call the uploaded file remotely, gaining full control of the mail server environment.

Impact

An attacker can obtain the ability to remotely execute arbitrary code (RCE) on the mail server without any authentication, which means complete takeover of the system, access to stored email messages, and potential ability to perform lateral movement within the internal network.

Mitigation & patch

Apply patches available from the vendor (SmarterTools) immediately according to the references. Due to active exploitation of the vulnerability in production environments (CISA KEV), the update should be performed immediately. Until the patch is deployed, it is recommended to restrict network access to SmarterMail interfaces and increase monitoring of server logs for suspicious file upload operations.

Who is affected

SmarterMail product by SmarterTools — versions indicated in the vendor references and in the watchTowr Labs analysis (GitHub reference).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Smartertools Smartermail

    APP
    Smartertools
    < 100.0.9413

CISA KEV — detailsi

Vendori
SmarterTools
Producti
SmarterMail
Added to KEVi
January 26, 2026
Remediation deadline (US Federal)i
February 16, 2026(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 16 lutego 2026
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2026-24423CRITICAL9.3⚠ KEVPL ✓ten sam produkt

SmarterMail – nieuwierzytelnione RCE przez ConnectToHub API

CVE-2026-23760CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w API resetowania hasła SmarterMail

CVE-2021-32234CRITICAL9.8ten sam produkt

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.

CVE-2019-7214CRITICAL9.8ten sam produkt

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated a...

CVE-2026-7807HIGH8.7ten sam produkt

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/repo...