CVE-2020-36926

HIGH

SmarterTrack 7922 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36926. PoCs published by Andrei Manole.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in SmarterTools SmarterTrack. The POC identifies a specific endpoint that leaks agent IDs and names.

Description

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.

Exploits (1)

exploitdb WRITEUP
by Andrei Manole · textwebappsaspx
https://www.exploit-db.com/exploits/50328

This is a writeup describing an information disclosure vulnerability in SmarterTools SmarterTrack. The POC identifies a specific endpoint that leaks agent IDs and names.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: SmarterTools SmarterTrack versions 10.x to 14.x (Build 7922)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.5
EPSS 0.0041
EPSS Percentile 32.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-497
Status published
Products (4)
Smartertools/SmarterTools SmarterTrack 10.0
Smartertools/SmarterTools SmarterTrack 14.0
smartertools/smartertrack 10.0
smartertools/smartertrack 14.0
Published Jan 16, 2026
Tracked Since Feb 18, 2026