Impact
The vulnerability is a path‑coercion flaw (CWE‑706): SmarterMail builds prior to 9518 base64‑decode attacker‑supplied request data and use the decoded value directly as a filesystem path without validation. On Windows systems an attacker can supply a UNC path, causing the SmarterMail service to initiate outbound SMB authentication attempts to the specified host. These authentication attempts can be abused for credential coercion, NTLM relay, and unauthorized network authentication, thereby compromising confidentiality and potentially enabling lateral movement within the internal network.
Affected Systems
SmarterTools SmarterMail versions with build numbers below 9518 are affected. The issue manifests only when the background‑of‑the‑day preview endpoint is reachable from an unauthenticated network source, and the server is running on a Windows platform where SMB traffic is enabled.
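The root cause described above is a decoded parameter reaching the filesystem unvetted. The following is an added example of the kind of validation that closes this class of bug; it is not SmarterMail's code, and the preview root directory, the parameter format, and the sample tokens are all assumptions constructed for illustration.

```python
import base64
import binascii
import re
from pathlib import PureWindowsPath

# Hypothetical allow-list root for preview images (assumption, not SmarterMail's real path).
PREVIEW_ROOT = PureWindowsPath(r"C:\SmarterMail\Backgrounds")

# A leading \\ or // marks a UNC or device path (\\host\share, \\?\C:\...), which is what
# makes the server reach out over SMB. Reject it before any path parsing happens.
_UNC_RE = re.compile(r"^(\\\\|//)")
# Only a bare image file name is ever legitimate for this parameter.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]+\.(png|jpg|jpeg)")


class UnsafePathError(ValueError):
    """Raised for any token that must not be turned into a filesystem path."""


def decode_preview_name(token: str) -> str:
    """Base64-decode the request parameter and return a vetted bare file name."""
    try:
        raw = base64.b64decode(token, validate=True)
        name = raw.decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError) as exc:
        raise UnsafePathError("token is not valid base64/UTF-8") from exc
    if "\x00" in name or _UNC_RE.match(name):
        raise UnsafePathError("NUL byte or UNC/device path rejected")
    win = PureWindowsPath(name)
    # Drive letters (C:..., C:\...) and rooted paths (\foo) are never acceptable here.
    if win.drive or win.root:
        raise UnsafePathError("absolute or drive-relative path rejected")
    # Exactly one component, no '.' or '..' traversal, and it must match the allow-list.
    if len(win.parts) != 1 or not _NAME_RE.fullmatch(name):
        raise UnsafePathError("only an allow-listed bare file name is permitted")
    return name


def resolve_preview_path(token: str) -> PureWindowsPath:
    """Join the vetted name onto the fixed root and confirm it stayed directly under it."""
    target = PREVIEW_ROOT / decode_preview_name(token)
    if target.parent != PREVIEW_ROOT:
        raise UnsafePathError("resolved path escaped the preview root")
    return target


def is_safe_token(token: str) -> bool:
    try:
        resolve_preview_path(token)
        return True
    except UnsafePathError:
        return False


# Constructed sample tokens (no real capture); 192.0.2.10 is a documentation address.
SAMPLE_TOKENS = {
    "benign": base64.b64encode(b"sunset.png").decode(),
    "unc": base64.b64encode(b"\\\\192.0.2.10\\share\\bg.png").decode(),
    "unc_fwd": base64.b64encode(b"//192.0.2.10/share/bg.png").decode(),
    "traversal": base64.b64encode(b"..\\..\\other.png").decode(),
    "drive": base64.b64encode(b"C:\\Windows\\bg.png").decode(),
}
```

The same pattern applies to any endpoint that accepts an encoded name: decode, reject UNC and rooted forms, then allow-list rather than deny-list the result.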
Risk and Exploitability
The CVSS score of 6.9 indicates moderate to high severity, while the EPSS score of less than 1% suggests that active exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only unauthenticated network access to the preview endpoint and the ability to send a crafted request; where both are available, the flaw can trigger outbound SMB authentication, allowing an attacker to capture credentials or relay NTLM messages. The overall risk is therefore driven primarily by the exposure of the service to external networks and by the presence of internal Windows infrastructure that can be leveraged for relay attacks.
OpenCVE Enrichment