
SmarterTools has addressed two additional security flaws in its SmarterMail email software, one of which is a critical flaw that could lead to arbitrary code execution.
This vulnerability is tracked as CVE-2026-24423 and has a CVSS score of 9.3 out of 10.0.
According to the flaw description on CVE.org, “SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method.”
“An attacker could point SmarterMail to a malicious HTTP server serving a malicious OS [operating system] command. This command is executed by the vulnerable application.”
Security researchers Sina Kheirkhah and Piotr Bazydlo from watchTowr, Markus Wulftange from CODE WHITE GmbH, and Cale Black from VulnCheck are credited with discovering and reporting this vulnerability.
This security hole was resolved in version build 9511, released on January 15, 2026. The same build also patched another critical flaw (CVE-2026-23760, CVSS score: 9.3) that has since become exploitable in the wild.

Additionally, SmarterTools has shipped a fix that resolves a medium-severity security vulnerability (CVE-2026-25067, CVSS score: 6.9) that could make it easier for attackers to conduct NTLM relay attacks and fraudulent network authentication.
This is described as a case of unauthenticated path traversal affecting the daily background preview endpoint.
“The application base64-decodes the input provided by the attacker and uses it as a file system path without validating it,” VulnCheck noted in its warning.
“On Windows systems, this allows UNC [Universal Naming Convention] path resolution. Once the path is resolved, the SmarterMail service begins outbound SMB authentication attempts to the attacker-controlled host. This can be exploited for credential enforcement, NTLM relay attacks, and fraudulent network authentication.”
This vulnerability was fixed in build 9518, released on January 22, 2026. Two vulnerabilities in SmarterMail have been exploited in the past week, so it’s important that users update to the latest version as soon as possible.
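The weakness VulnCheck describes is a decode-then-use pattern: a base64 value from the request becomes a file system path with no check that it is relative, free of traversal, or confined to the intended folder, so a UNC value makes the service authenticate outbound over SMB. The following is an added example, not SmarterMail's code, showing that pattern next to a hardened resolver. The base directory, the `encode` helper and the `rejected` helper are assumptions constructed for the example; the checks are generic and apply to any endpoint that turns client input into a path on a Windows host.

```python
import base64
import binascii
import os
from pathlib import Path, PurePosixPath, PureWindowsPath

# Constructed sample base directory; a real service would use its own
# preview/cache folder.
BASE_DIR = Path("/var/app/previews")


def encode(path_text: str) -> str:
    """Helper for building sample inputs: base64 of a UTF-8 path string."""
    return base64.b64encode(path_text.encode("utf-8")).decode("ascii")


def unsafe_resolve(encoded: str) -> str:
    """The pattern in the advisory: decode the client value and use it as-is.

    Nothing stops the decoded text from being a UNC path (\\\\host\\share\\x),
    a drive-rooted path (C:\\...) or a traversal sequence (..\\..\\...).
    """
    return base64.b64decode(encoded).decode("utf-8")


def safe_resolve(encoded: str, base_dir: Path = BASE_DIR) -> Path:
    """Hardened variant (assumed design): decode, reject rooted/UNC/traversal
    input, then confine the result to base_dir."""
    try:
        raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("input is not valid base64 text") from exc

    if not raw.strip() or any(ord(c) < 0x20 for c in raw):
        raise ValueError("empty path or control characters in path")

    # Anything Windows would treat as rooted: UNC (\\host\share), drive
    # letters (C:..., C:\...), device paths (\\?\..., \\.\...) or a leading
    # slash/backslash. PureWindowsPath also normalises '/' to '\', so
    # '//host/share' is caught here as well.
    win = PureWindowsPath(raw)
    if win.drive or win.root:
        raise ValueError("absolute, UNC or device path rejected")
    if PurePosixPath(raw).is_absolute():
        raise ValueError("absolute path rejected")

    # Reject traversal components in either separator style.
    parts = [p for p in raw.replace("\\", "/").split("/") if p]
    if ".." in parts:
        raise ValueError("traversal component rejected")

    # Normalise and confirm the result still sits under base_dir.
    candidate = Path(os.path.normpath(base_dir / Path(*parts)))
    if os.path.commonpath([base_dir, candidate]) != os.fspath(base_dir):
        raise ValueError("path escapes base directory")
    return candidate


def rejected(encoded: str) -> bool:
    """True when safe_resolve refuses the input."""
    try:
        safe_resolve(encoded)
    except ValueError:
        return False or True
    return False


if __name__ == "__main__":
    # Constructed samples: one legitimate relative path, one UNC path.
    good = encode("daily/bg.png")
    unc = encode("\\\\attacker.example\\share\\x")
    print("unsafe:", unsafe_resolve(unc))          # UNC path used verbatim
    print("safe  :", safe_resolve(good))           # confined to BASE_DIR
    print("safe rejects UNC:", rejected(unc))      # True
```

The order of checks matters: validating the base64 strictly first avoids surprises from padding or whitespace, the rooted-path checks run on the raw text before any normalisation, and the final `commonpath` comparison is the backstop in case an earlier check is bypassed. On the detection side, an application server that suddenly opens outbound SMB (TCP 445) connections to hosts it has never talked to is the observable symptom of this class of bug, and egress filtering of SMB from web-facing servers limits the impact even where a path check is missed.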
