SmarterTools SmarterMail is vulnerable to unrestricted file upload, potentially leading to remote code execution. An unauthenticated attacker could upload arbitrary files to the mail server. Users should apply mitigations per vendor instructions or discontinue use of the product.
Vendor: SmarterTools Product: SmarterMail Description: SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due Date: 2026-02-16