CVE-2026-24423

Critical KEV CVSS: 9.3

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Vendor

Smartertools

Product

Smartermail

CWE

CWE-306

Yayın Tarihi

2026-01-23 17:16:13

Güncelleme

2026-02-06 16:45:15

Source Identifier

disclosure@vulncheck.com

KEV Date Added

2026-02-05

Kategoriler

CWE-306 Smartermail CRITICAL Smartertools 2026

Referanslar

https://code-white.com/public-vulnerability-list/#systemadminsettingscontrollerconnecttohub-missing-authentication-in-smartermail https://www.smartertools.com/smartermail/release-notes/current https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rce-via-connecttohub-api https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24423

Benzer Kayıtlar

Medium

CVE-2026-25067

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the bac…

Critical

CVE-2026-23760

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password res…

Medium

CVE-2020-36926

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent…

Critical

CVE-2025-52691

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any lo…