9 matches found
SmarterMail < 100.0.9511 Unauthenticated RCE via ConnectToHub API (CVE-2026-24423)
The version of SmarterTools SmarterMail installed on the remote host is prior to 100.0.9511. It is, therefore, affected by a remote code execution vulnerability. SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHu...
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...
CVE-2026-24423
CVE-2026-24423 affects SmarterTools SmarterMail builds prior to 9511, where the ConnectToHub API exposes an unauthenticated remote code execution. The vulnerability allows an attacker to direct a SmarterMail instance to a malicious HTTP server that serves an OS command executed by the vulnerable ...
CVE-2026-24423 SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...
SmarterTools SmarterMail access control vulnerability
SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Versions of SmarterTools SmarterMail prior to build 9511 had an access...
PT-2026-4520
Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to build 9511 Description An issue exists in the 'ConnectToHub' API method, specifically at the endpoint '/api/v1/settings/sysadmin/connect-to-hub', due to missing authentication for a critical function...