4 matches found
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator...
CVE-2026-23760
SmarterTools SmarterMail versions before build 9511 are affected by an authentication bypass in the password reset API. The force-reset-password endpoint allows anonymous requests and does not verify the current password or a reset token when resetting system administrator accounts, enabling an u...
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on...
PT-2026-3941
Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to build 9511
Description: SmarterTools SmarterMail contains an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint at /api/v1/admin/force-reset-password...