SmarterTools has issued an urgent call to action for users of its SmarterMail email software, following the discovery and patching of multiple severe security vulnerabilities. Among them is a critical unauthenticated Remote Code Execution (RCE) flaw, carrying a staggering CVSS score of 9.3, which could allow attackers to seize control of vulnerable systems. Users are strongly advised to update their installations immediately to safeguard against potential breaches.
Critical RCE Flaw: CVE-2026-24423 Uncovered
The most alarming of the recently addressed vulnerabilities is CVE-2026-24423, an unauthenticated RCE flaw found within the ConnectToHub API method of SmarterMail. This vulnerability, rated 9.3 on the CVSS scale, presents a significant risk. According to CVE.org, an attacker could manipulate SmarterMail to connect to a malicious HTTP server, which would then deliver and execute arbitrary operating system commands on the vulnerable application.
This critical security hole was brought to light through the collaborative efforts of watchTowr researchers Sina Kheirkhah and Piotr Bazydlo, CODE WHITE GmbH’s Markus Wulftange, and VulnCheck’s Cale Black. SmarterTools swiftly responded, releasing a patch in Build 9511 on January 15, 2026, to mitigate this severe threat.
Active Exploitation: Another Critical Flaw (CVE-2026-23760)
Compounding the urgency, the same Build 9511 also addresses another critical vulnerability, CVE-2026-23760, which also boasts a CVSS score of 9.3. Disturbingly, this flaw has already been observed under active exploitation in the wild, underscoring the immediate need for all SmarterMail users to upgrade their systems without delay.
Medium-Severity NTLM Relay Vulnerability: CVE-2026-25067
Beyond the critical RCE issues, SmarterTools has also rolled out fixes for a medium-severity security vulnerability, CVE-2026-25067, with a CVSS score of 6.9. This flaw, described as an unauthenticated path coercion affecting the “background-of-the-day preview endpoint,” could enable sophisticated NTLM relay attacks and unauthorized network authentication.
VulnCheck elaborated on the mechanism, explaining that “The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation.” On Windows systems, this oversight allows for the resolution of Universal Naming Convention (UNC) paths, compelling the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. Such an exploit can be leveraged for credential coercion, NTLM relay attacks, and unauthorized network authentication. This particular vulnerability was patched in Build 9518, released on January 22, 2026.
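The following is an added illustration, not SmarterMail's own code: the decode-and-trust pattern VulnCheck describes, placed beside a hardened resolver that rejects UNC, device and absolute paths and confines the decoded value to one fixed directory using Windows path semantics. The directory name, the function names and the sample values are assumptions constructed for this example.

```python
import base64
from pathlib import PureWindowsPath

# Hypothetical directory the preview endpoint is meant to serve from (constructed for this example).
BACKGROUND_ROOT = PureWindowsPath(r"C:\SmarterMail\Backgrounds")


def encode_background_id(raw: str) -> str:
    """Build a parameter value the way a client would; used here only to construct sample inputs."""
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def decode_path_unsafe(encoded: str) -> str:
    """The pattern VulnCheck describes: decode the parameter and use the result as a path.
    A \\\\host\\share value comes back verbatim, and opening it on Windows starts SMB authentication."""
    return base64.b64decode(encoded).decode("utf-8", errors="replace")


def resolve_background_path(encoded: str, root: PureWindowsPath = BACKGROUND_ROOT) -> PureWindowsPath:
    """Hardened variant: the decoded value may only name a file beneath root."""
    try:
        raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("malformed identifier") from exc
    if "\x00" in raw:
        raise ValueError("embedded NUL")
    # Windows accepts forward slashes too, so normalize before looking for \\server\share,
    # \\?\ and \\.\ prefixes; none of these may ever come from a client.
    normalized = raw.replace("/", "\\")
    if normalized.startswith("\\\\"):
        raise ValueError("UNC or device path")
    relative = PureWindowsPath(normalized)
    if relative.drive or relative.root or ".." in relative.parts:
        raise ValueError("absolute path or traversal")
    candidate = root.joinpath(relative)
    # Final containment check; PureWindowsPath compares case-insensitively like the OS does.
    if root not in candidate.parents:
        raise ValueError("path escapes root")
    return candidate


def classify(encoded: str) -> str:
    """Resolved path on success, otherwise the rejection reason; suitable for audit logging."""
    try:
        return str(resolve_background_path(encoded))
    except ValueError as exc:
        return f"rejected: {exc}"
```

The same containment check applies to any parameter a server decodes into a filename; logging the rejection reason gives detection teams a signal for coercion attempts against the endpoint.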
Immediate Action Required
With two critical SmarterMail vulnerabilities having been actively exploited in recent days, the message to users is unequivocal: update your SmarterMail installations to the latest versions (Build 9511 and Build 9518, or newer) as a matter of extreme priority. Proactive patching is the most effective defense against these potent threats and ensures the integrity and security of your email infrastructure.