SmarterMail Vulnerabilities Advisory
Summary
CERT-Bund has issued a security advisory for SmarterTools SmarterMail, detailing multiple vulnerabilities with a CVSS Base Score of 8.6. These vulnerabilities allow for remote attacks, potentially leading to denial of service, credential exposure, and other impacts. Mitigation is available.
What changed
This advisory from CERT-Bund (WID-SEC-2026-0819) addresses multiple vulnerabilities in SmarterTools SmarterMail, affecting Linux, UNIX, and Windows operating systems. The vulnerabilities, rated high with a CVSS Base Score of 8.6, can be exploited by a remote, anonymous attacker to deceive users, bypass security mechanisms, cause denial of service, and expose credentials. The advisory indicates that mitigation measures are available.
Organizations using SmarterMail, specifically versions prior to Build 9575, should immediately review the advisory and implement available mitigation strategies. Failure to address these vulnerabilities could lead to significant security breaches, including unauthorized access and system disruption. The advisory provides links for CVE information and version history, which should be consulted for detailed remediation steps.
What to do next
- Review SmarterTools SmarterMail advisory WID-SEC-2026-0819
- Implement available mitigation measures for SmarterMail
- Update SmarterMail to Build 9575 or later if applicable
Source document (simplified)
[WID-SEC-2026-0819] SmarterTools SmarterMail: Multiple vulnerabilities
- CVSS Base Score: 8.6 (high)
- CVSS Temporal Score: 7.5 (high)
- Remote attack: yes
- Date: 22.03.2026
- Last updated: 23.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- UNIX
- Windows
Product description
SmarterMail by SmarterTools is mail server software.
Products
22.03.2026
- SmarterTools SmarterMail <Build 9575
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in SmarterTools SmarterMail to deceive the user, bypass security mechanisms, cause a denial of service, disclose credentials, and achieve other, unspecified effects.