CVE-2026-24423
published 2026-01-23


Priority: P1 (100), critical, CVSS 3.1 base score 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: KEV, ITW, Exploit, Ransomware
CISA Known Exploited Vulnerability, remediation due 2026-02-26
Exploited in the wild
EPSS: 87.69% (99.7th percentile)
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. An attacker can point SmarterMail at a malicious HTTP server that serves an OS command; the vulnerable application then executes that command.

Affected

1 range
Vendor: smartertools    Product: smartermail    Version range: < 100.0.9511    Fixed in: 100.0.9511

Detection & IOCs

Indicator (other): ConnectToHub
  • Check Point IPS signature available for this CVE: 'SmarterTools SmarterMail Remote Code Execution (CVE-2026-24423)'
  • The exploit chain involves SmarterMail making an outbound HTTP request to an attacker-controlled server; monitor for unexpected outbound HTTP connections originating from the SmarterMail service process.
  • Over 6,000 exposed SmarterMail servers are reportedly vulnerable; prioritize internet-facing SmarterMail instances for patching and detection coverage.
  • The vulnerability is present in SmarterMail builds prior to 9511; build 9511 or later is required to remediate CVE-2026-24423.
  • The vulnerability is unauthenticated, meaning no credentials are required for exploitation; all internet-exposed SmarterMail instances below build 9511 are at risk.
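The two detection points above (version below build 9511, and unexpected outbound HTTP from a SmarterMail host) can be checked together. The script below is an added example written for this page; it is not SmarterTools code and does not use SmarterMail's own log format. The inventory, hostnames, IP addresses, allowlist, the key=value log format and the port list are all constructed assumptions, to be replaced with your own data and the destinations your deployment legitimately reaches.

```python
"""Triage helper for CVE-2026-24423 (SmarterMail ConnectToHub RCE).

1. Classify a SmarterMail inventory against the fixed version 100.0.9511.
2. Scan outbound-connection records for HTTP leaving a SmarterMail host for a
   destination not on an allowlist (the exploit needs SmarterMail to reach an
   attacker-controlled HTTP server). All sample data here is constructed.
"""
import re
from ipaddress import ip_address, ip_network

# Fixed version from the advisory's affected range (< 100.0.9511).
FIXED_VERSION = (100, 0, 9511)

# Constructed inventory: hostname -> (egress IP, reported SmarterMail version).
INVENTORY = {
    "mail-01.example.net": ("10.0.5.20", "100.0.9480"),
    "mail-02.example.net": ("10.0.5.21", "100.0.9511"),
    "mail-03.example.net": ("10.0.5.22", "100.0.9512"),
}

# Constructed allowlist (assumption): internal ranges plus any vendor endpoints
# your SmarterMail hosts are expected to contact.
ALLOWED_DST = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Ports treated as HTTP when the log carries no app label (assumption; an
# attacker's server can listen anywhere, so widen this for label-less logs).
HTTP_PORTS = {80, 8000, 8080}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) app=(?P<app>\w+) action=(?P<action>\w+)$"
)


def parse_version(version):
    """Parse 'major.minor.build' into a comparable tuple of ints."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SmarterMail version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True when the version sorts below the fixed build 100.0.9511."""
    return parse_version(version) < FIXED_VERSION


def vulnerable_hosts(inventory=INVENTORY):
    """Hostnames that still need the build 9511 update, sorted by name."""
    return sorted(h for h, (_, ver) in inventory.items() if is_vulnerable(ver))


def parse_log_line(line):
    """Parse one constructed key=value connection record; None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def find_suspicious_outbound(lines, inventory=INVENTORY, allowed=ALLOWED_DST):
    """Flag outbound HTTP from a SmarterMail host to a non-allowlisted destination."""
    mail_ips = {ip: host for host, (ip, _) in inventory.items()}
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None or rec["src"] not in mail_ips:
            continue  # unparsable, or not one of our SmarterMail hosts
        try:
            dst = ip_address(rec["dst"])
        except ValueError:
            continue  # destination is not an IP literal; nothing to compare
        if any(dst in net for net in allowed):
            continue  # known-good destination
        if rec["app"] != "http" and rec["dport"] not in HTTP_PORTS:
            continue  # not HTTP (e.g. outbound SMTP delivery); out of scope here
        host = mail_ips[rec["src"]]
        findings.append({
            "ts": rec["ts"], "host": host, "dst": rec["dst"], "dport": rec["dport"],
            "vulnerable": is_vulnerable(inventory[host][1]),
        })
    return findings


# Constructed sample records: one internal HTTPS call, two external HTTP
# fetches, one non-mail host, one outbound SMTP delivery and one malformed line.
SAMPLE_LOG = [
    "2026-01-24T10:02:11Z src=10.0.5.20 dst=10.0.9.5 dport=443 proto=tcp app=https action=allow",
    "2026-01-24T10:02:15Z src=10.0.5.20 dst=203.0.113.7 dport=80 proto=tcp app=http action=allow",
    "2026-01-24T10:03:02Z src=10.0.5.22 dst=198.51.100.9 dport=8080 proto=tcp app=http action=allow",
    "2026-01-24T10:03:40Z src=10.0.7.1 dst=203.0.113.7 dport=80 proto=tcp app=http action=allow",
    "2026-01-24T10:04:00Z src=10.0.5.21 dst=203.0.113.50 dport=25 proto=tcp app=smtp action=allow",
    "not a connection record",
]

if __name__ == "__main__":
    print("unpatched:", vulnerable_hosts())
    for f in find_suspicious_outbound(SAMPLE_LOG):
        flag = "UNPATCHED" if f["vulnerable"] else "patched"
        print(f'{f["ts"]} {f["host"]} -> {f["dst"]}:{f["dport"]} ({flag})')
```

On the sample data the script reports mail-01 as unpatched and flags the external HTTP fetches from mail-01 (unpatched) and mail-03 (patched); the patched host still surfaces because an outbound fetch to an unknown server is worth a look regardless of build, and the version comparison only tells you who is exposed, not who has already been hit.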

CVSS provenance

nvd        v3.1  9.8  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd        v4.0  9.3  CRITICAL  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck        9.3  CRITICAL
cisa             9.3  CRITICAL