3 matches found
Exploit for CVE-2026-23760
SmarterMail-CVE-2026-23760-poc A proof-of-concept exploiting...
CVE-2026-24423
CVE-2026-24423 affects SmarterTools SmarterMail builds prior to 9511, where the ConnectToHub API exposes an unauthenticated remote code execution. The vulnerability allows an attacker to direct a SmarterMail instance to a malicious HTTP server that serves an OS command executed by the vulnerable ...
CVE-2026-23760
SmarterTools SmarterMail versions before build 9511 are affected by an authentication bypass in the password reset API. The force-reset-password endpoint allows anonymous requests and does not verify the current password or a reset token when resetting system administrator accounts, enabling an u...