13 matches found
SmarterMail - Remote Code Execution
SmarterTools SmarterMail build 9511 contains an unauthenticated remote code execution caused by malicious OS command execution via ConnectToHub API method, letting remote attackers execute arbitrary commands, exploit requires no authentication. id: CVE-2026-24423 info: name: SmarterMail - Remote...
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423 , carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to...
SmarterMail < 100.0.9511 Auth Bypass (CVE-2026-23760)
The version of SmarterTools SmarterMail installed on the remote host is prior to 100.0.9511. It is, therefore, affected by an authentication bypass vulnerability. SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The...
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...
CVE-2026-24423 SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...
SmarterTools SmarterMail access control vulnerability
SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Versions of SmarterTools SmarterMail prior to build 9511 had an access...
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
CVE-2026-23760 SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
CVE-2026-23760 SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on...
PT-2026-3941
Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to build 9511 Description: SmarterTools SmarterMail contains an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint at /api/v1/admin/force-reset-password...