Vulnerability Description
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartertools | Smartermail | < 100.0.9511 |
Related Weaknesses (CWE)
References
- https://code-white.com/public-vulnerability-list/#systemadminsettingscontrollercThird Party Advisory
- https://www.smartertools.com/smartermail/release-notes/currentRelease Notes
- https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rcThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-US Government Resource
FAQ
What is CVE-2026-24423?
CVE-2026-24423 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the mal...
How severe is CVE-2026-24423?
CVE-2026-24423 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-24423?
Check the references section above for vendor advisories and patch information. Affected products include: Smartertools Smartermail.