StackPatch is liveSee product

Back to CVE digest
NVD · CVE-2026-7807

CVE-2026-7807

Published: Fri, 08 May 2026 20:16

CVE-2026-7807

Summary

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fil

Details

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users.

Are YOU affected by CVE-2026-7807?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether CVE-2026-7807 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first

References

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →