291 matches found
CVE-2026-24423
CVE-2026-24423 affects SmarterTools SmarterMail builds prior to 9511, where the ConnectToHub API exposes an unauthenticated remote code execution. The vulnerability allows an attacker to direct a SmarterMail instance to a malicious HTTP server that serves an OS command executed by the vulnerable ...
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
Exploit for Unrestricted Upload of File with Dangerous Type in Smartertools Smartermail
CVE-2025-52691 / WT-2026-0001 SmarterMail Exploit 🚨 IMPORT...
SmarterTools SmarterMail access control vulnerability
SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Versions of SmarterTools SmarterMail prior to build 9511 had an access...
📄 SmarterTools SmarterMail GUID File Upload
This Metasploit module exploits a pre-authentication remote code execution vulnerability in SmarterTools SmarterMail before version 100.0.9413. The endpoint /api/upload fails to sanitize the contextData POST parameter which can contain JSON data with a "guid" key that allows directory traversal. ...
SmarterTools SmarterMail GUID File Upload Vulnerability
This module exploits a pre-auth remote code execution vulnerability in SmarterTools SmarterMail before version 100.0.9413. The endpoint /api/upload fails to sanitize the contextData POST parameter which can contain JSON data with a "guid" key that allows directory traversal. By leveraging this...
WT-2026-0001
SmarterMail WT-2026-0001 Authentication Bypass Exploit 📌 O...
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
CVE-2026-23760 SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
CVE-2026-23760 SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
CVE-2026-23760
SmarterTools SmarterMail versions before build 9511 are affected by an authentication bypass in the password reset API. The force-reset-password endpoint allows anonymous requests and does not verify the current password or a reset token when resetting system administrator accounts, enabling an u...
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on...
VulnCheck KEV: CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
SmarterTools SmarterMail security vulnerability
SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Previous versions of SmarterTools SmarterMail, including the 9511...
PT-2026-3941
Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to build 9511 Description: SmarterTools SmarterMail contains an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint at /api/v1/admin/force-reset-password...
PT-2026-4520
Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to build 9511 Description An issue exists in the 'ConnectToHub' API method, specifically at the endpoint '/api/v1/settings/sysadmin/connect-to-hub', due to missing authentication for a critical function...
Exploit for Missing Authorization in Givewp
CVE-2025-2025-52691-SmarterMail-Exp Environment Setup S...
Exploit for Unrestricted Upload of File with Dangerous Type in Smartertools Smartermail
CVE-2025-52691 SmarterMail Pre-Auth RCE SmarterMail Pre-Auth...