CNNVD-202601-4963 Information
CNNVD ID
CNNVD-202601-4963
Related CVE
- CNNVD Published: 2026-01-29
Description (Chinese)
SmarterTools SmarterMail是SmarterTools公司的一套邮件服务器软件。该软件支持垃圾邮件过滤、数据统计、简单邮件传输协议SMTP验证等功能。 SmarterTools SmarterMail 9518之前版本存在安全漏洞,该漏洞源于未经身份验证的路径强制转换,可能导致凭证强制和NTLM中继攻击。
Description (English)
SmartTools SmarterMail is a mail server software for SmarterTools. The software supports such functions as spam filtering, data statistics, simple mail transfer protocol SMTP authentication. Prior to the SmarterTools SmarterMail 9518 version, there was a security loophole, which stemmed from the mandatory conversion of unidentified paths, which could lead to a certificate enforcement and NTLM repeat attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
SmarterTools
Published
2026-01-29
Last Modified
2026-02-24
References
https://www.smartertools.com/smartermail/release-notes/current https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-background-of-the-day-path-coercion
Patch
https://www.smartertools.com/smartermail/release-notes/current
Share on: