CVE-2026-24423 - SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
Project: SmarterTools
Product: SmarterMail
Date Added: 2026-02-05
Due Date: 2026-02-26
Vulnerability Name
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
Description
SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow an attacker to point the SmarterMail instance to a malicious HTTP server that serves a malicious OS command, which could lead to command execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.smartertools.com/smartermail/release-notes/current
https://www.cve.org/CVERecord?id=CVE-2026-24423
https://nvd.nist.gov/vuln/detail/CVE-2026-24423
Related News Articles
Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server - February 10, 2026
Hackers breach SmarterTools network using flaw in its own software - February 10, 2026
Ransomware group breached SmarterTools via flaw in its SmarterMail deployment - February 9, 2026
CISA warns of SmarterMail RCE flaw used in ransomware attacks - February 7, 2026