CVE-2026-40514: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in SmarterTools Inc. SmarterMail
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.
AI Analysis
Technical Summary
CVE-2026-40514 affects SmarterTools SmarterMail builds prior to version 9610. The vulnerability arises from the use of DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, limiting the seed space to approximately 19,000 values. This cryptographic weakness allows an unauthenticated attacker to leverage the attachment download endpoint as an oracle to recover the seed and subsequently derive encryption keys and initialization vectors. With these, the attacker can forge sharing tokens to access arbitrary emails, attachments, or file storage contents without prior access. The CVSS 4.0 base score is 8.2, indicating high severity. No vendor advisory or patch information is currently provided.
Potential Impact
An unauthenticated attacker can exploit this vulnerability to bypass access controls on file and email sharing endpoints by forging sharing tokens. This allows unauthorized access to arbitrary emails, attachments, or file storage contents. The cryptographic weakness significantly reduces the complexity of key derivation, making token forgery feasible. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider restricting access to the affected endpoints and monitor for suspicious activity related to sharing token usage. Avoid relying on the affected versions of SmarterMail for sensitive file and email sharing. Do not assume the vulnerability is mitigated without vendor confirmation.
CVE-2026-40514: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in SmarterTools Inc. SmarterMail
Description
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-40514 affects SmarterTools SmarterMail builds prior to version 9610. The vulnerability arises from the use of DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, limiting the seed space to approximately 19,000 values. This cryptographic weakness allows an unauthenticated attacker to leverage the attachment download endpoint as an oracle to recover the seed and subsequently derive encryption keys and initialization vectors. With these, the attacker can forge sharing tokens to access arbitrary emails, attachments, or file storage contents without prior access. The CVSS 4.0 base score is 8.2, indicating high severity. No vendor advisory or patch information is currently provided.
Potential Impact
An unauthenticated attacker can exploit this vulnerability to bypass access controls on file and email sharing endpoints by forging sharing tokens. This allows unauthorized access to arbitrary emails, attachments, or file storage contents. The cryptographic weakness significantly reduces the complexity of key derivation, making token forgery feasible. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider restricting access to the affected endpoints and monitor for suspicious activity related to sharing token usage. Avoid relying on the affected versions of SmarterMail for sensitive file and email sharing. Do not assume the vulnerability is mitigated without vendor confirmation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-04-13T20:29:02.809Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ef79fcba26a39fba368ba3
Added to database: 4/27/2026, 3:00:12 PM
Last enriched: 4/27/2026, 3:15:06 PM
Last updated: 4/28/2026, 1:46:11 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.