CVE-2026-24423: SmarterTools SmarterMail Missing Authentication for
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability. SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution.
- CISA KEV-listed (remediation due 2026-02-26)
- used in ransomware campaigns
- EPSS 83.4% (99.3% percentile)