Shadowserver has identified over 6,000 SmarterMail servers globally that are exposed to automated hijacking attacks because of a critical authentication bypass vulnerability, tracked as CVE-2026-23760. The flaw resides in the password reset API and allows unauthenticated attackers to reset system administrator passwords without an existing token or any verification step. Successful exploitation can lead to full administrative control and remote code execution on the host server.
On January 15, SmarterTools released build 9511 to address the issue, following reports from cybersecurity firm watchTowr. Despite the patch being available, widespread exploitation has been observed in the wild, prompting CISA to add the vulnerability to its Known Exploited Vulnerabilities catalog. Security researchers emphasize the urgency of updating instances, as proof-of-concept exploits are publicly available and are being used in automated campaigns.