DEV Community

Freedom Coder

Originally published at scyscan.com

CVE-2026-24423: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

CVE ID

CVE-2026-24423

Vulnerability Name

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

  • Project: SmarterTools
  • Product: SmarterMail

Date

  • Date Added: 2026-02-05
  • Due Date: 2026-02-26

Description

SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. An attacker could use this to point the SmarterMail instance at a malicious HTTP server that serves a malicious OS command, which could lead to command execution.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

  • https://www.smartertools.com/smartermail/release-notes/current
  • https://www.cve.org/CVERecord?id=CVE-2026-24423
  • https://nvd.nist.gov/vuln/detail/CVE-2026-24423
