Critical SmarterMail Flaws Allow RCE and NTLM Relay Exploits

SmarterTools has fixed two high-priority security flaws in its SmarterMail email server software, including a remote code execution vulnerability that lets an attacker take control of an email server remotely and that has already been exploited in the wild. All SmarterMail users are urged to upgrade to the latest version (February 7, 2026) as soon as possible.

CVE-2026-24423 (Remote Code Execution (RCE))
1. Severity rating: CVSS score 9.3 on a scale of 0 to 10.
2. Vulnerable component: the ConnectToHub API method in SmarterMail builds earlier than 9511.
3. Consequence of the exploit: an attacker with no existing access to the email server can set up a malicious HTTP server and cause the victim's SmarterMail instance to execute arbitrary OS commands.
4. Discovered by: Sina Kheirkhah, Piotr Bazydlo, Markus Wulftange and Cale Black
5. Fixed by: SmarterMail Build #9511 (January 15, 2026)

CVE-2026-23760 (Actively Exploited Critical Vulnerability)
1. CVSS: 9.3/10.0
2. Because it has been actively exploited in the wild, an emergency patch was released in the same build (9511).
3. The details of the flaw have not been disclosed; SmarterTools has confirmed only that the patch prevents the active exploitation of email servers.

CVE-2026-25067 (NTLM Relay / Path Coercion)
1. CVSS rating: 6.9/10 (Moderate)
2. Description: the SmarterMail backend validates base64-encoded user input for a user-defined background image on the user account page.
3. Result: on Windows hosts, supplying a UNC path for a user account lets an administrator cause outbound SMB authentication to an attacker-controlled location, allowing:
a. coercion of user credentials;
b. NTLM relay attacks;
c. user account hijacking via remote network authentication.

4. Fixed by: SmarterMail Build #9518 (January 22, 2026)
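The path-coercion class of bug described above comes down to accepting a user-chosen location that a Windows host will then open over the network. The validator below is an added example written for this post; it is not SmarterMail's code and the post does not describe SmarterMail's real storage layout, field format or fix. It assumes the base64 field decodes to a text path or URL, and uses constructed allowlists (image folder, extensions, one trusted image host). Every form that would make the server reach out to a name the user chose is rejected before the value is ever touched by file or network APIs: UNC paths in either separator style, drive letters, file:// and other non-http schemes, http(s) hosts not on the allowlist, and traversal segments.

```python
import base64
import binascii
import posixpath
import re
from urllib.parse import urlsplit

# Constructed allowlists (assumptions for this example, not SmarterMail's real settings).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".webp"}
ALLOWED_HTTP_HOSTS = {"images.example.test"}

# \\host\share, //host/share and \\?\UNC\host\share all begin with two separators.
UNC_PREFIX = re.compile(r"^[\\/]{2}")
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


def encode_reference(text: str) -> str:
    """Helper to build the base64 field the way a client would (for tests/examples)."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def decode_user_input(b64: str) -> str:
    """Strictly decode the base64 field to text; anything odd is an error, not a guess."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("background image field is not valid base64") from exc
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("decoded value is not UTF-8 text") from exc
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in text):
        raise ValueError("control characters in decoded value")
    return text.strip()


def validate_background_image(b64: str) -> str:
    """Return a safe image reference or raise ValueError.

    Safe means either a relative path inside the image folder (returned in
    normalised POSIX form for the caller to join onto the image root) or an
    http(s) URL whose host is allowlisted. UNC paths, drive letters, file://
    and other schemes, unknown hosts and '..' segments are all refused, so the
    server never opens an outbound SMB connection to a user-chosen name.
    """
    value = decode_user_input(b64)
    if not value:
        raise ValueError("empty image reference")
    if UNC_PREFIX.match(value):
        raise ValueError("UNC path rejected")
    if DRIVE_PREFIX.match(value):
        raise ValueError("absolute drive path rejected")

    parts = urlsplit(value)
    if parts.scheme:
        if parts.scheme not in ("http", "https"):
            raise ValueError(f"scheme not allowed: {parts.scheme}")
        # hostname strips userinfo and port, so "trusted@attacker" is seen as "attacker".
        if (parts.hostname or "").lower() not in ALLOWED_HTTP_HOSTS:
            raise ValueError(f"host not allowlisted: {parts.netloc}")
        path = parts.path
    else:
        path = value.replace("\\", "/")  # treat Windows separators like POSIX ones

    if ".." in path.split("/"):
        raise ValueError("path traversal rejected")
    if posixpath.splitext(path)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("file type not allowed")

    if parts.scheme:
        return value
    return posixpath.normpath(path).lstrip("/")


def is_safe_reference(b64: str) -> bool:
    """Boolean wrapper around validate_background_image for quick checks."""
    try:
        validate_background_image(b64)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ("bg.png", r"\\attacker.test\share\bg.png", "file://attacker.test/s/bg.png"):
        print(f"{candidate!r}: {'ok' if is_safe_reference(encode_reference(candidate)) else 'REJECTED'}")
```

The check runs on the decoded text only; nothing here calls the filesystem or a URL fetcher, which is the point: a value that fails validation never reaches the code path that would authenticate to a remote share.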

Recommendations for Security
1. Upgrade SmarterMail to build 9518 or later without delay.
2. Log suspicious outbound API and SMB activity with your logging software.
3. Where possible, restrict network access to the SmarterMail server.
4. Monitor all NTLM traffic for relay and credential theft attempts.
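Recommendations 2 and 4 both come down to the same signal: a mail server has no business initiating SMB sessions to hosts you did not expect. The script below is an added example, not part of the post or of any vendor tooling. It assumes a constructed key=value flow-log format and constructed addresses (the mail server, the organisation's internal ranges, and the two internal hosts it is allowed to talk SMB to); adapt the parser and allowlist to your own firewall or flow export. It flags every TCP 445/139 connection the mail server opens to anything outside that allowlist, with a sharper reason when the destination is outside the internal ranges altogether, since that is the shape of a credential-coercion or NTLM-relay attempt.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed values (assumptions for this example, not taken from the post).
MAIL_SERVER = ipaddress.ip_address("10.0.0.5")
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
SMB_ALLOWLIST = {ipaddress.ip_address("10.0.0.20"), ipaddress.ip_address("10.0.0.21")}  # file server, DC
SMB_PORTS = {445, 139}

# Constructed log format: "<iso-timestamp> key=value key=value ...".
FIELD = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    timestamp: str
    dst: str
    dport: int
    reason: str


def parse_line(line: str) -> Optional[Tuple[str, ipaddress._BaseAddress, ipaddress._BaseAddress, int, str]]:
    """Extract (timestamp, src, dst, dport, proto); return None for lines we cannot parse."""
    fields = dict(FIELD.findall(line))
    timestamp = line.split(" ", 1)[0]
    try:
        return (
            timestamp,
            ipaddress.ip_address(fields["src"]),
            ipaddress.ip_address(fields["dst"]),
            int(fields["dport"]),
            fields.get("proto", "").lower(),
        )
    except (KeyError, ValueError):
        return None


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def find_smb_coercion(lines: List[str]) -> List[Alert]:
    """Return one Alert per SMB connection the mail server opened to a non-allowlisted host."""
    alerts: List[Alert] = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        timestamp, src, dst, dport, proto = parsed
        if src != MAIL_SERVER or proto != "tcp" or dport not in SMB_PORTS:
            continue
        if dst in SMB_ALLOWLIST:
            continue  # expected traffic, e.g. to the file server or a domain controller
        if not is_internal(dst):
            reason = "outbound SMB to external host: possible credential coercion / NTLM relay"
        else:
            reason = "outbound SMB to non-allowlisted internal host: possible relay pivot"
        alerts.append(Alert(timestamp, str(dst), dport, reason))
    return alerts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2026-01-20T10:01:02Z src=10.0.0.5 dst=10.0.0.20 proto=tcp dport=445 action=allow",
    "2026-01-20T10:01:05Z src=10.0.0.5 dst=203.0.113.7 proto=tcp dport=445 action=allow",
    "2026-01-20T10:01:09Z src=10.0.0.5 dst=10.0.0.77 proto=tcp dport=139 action=allow",
    "2026-01-20T10:01:11Z src=10.0.0.99 dst=203.0.113.7 proto=tcp dport=445 action=allow",
    "2026-01-20T10:01:12Z src=10.0.0.5 dst=203.0.113.7 proto=tcp dport=443 action=allow",
    "this line is not a flow record",
]


def scan_sample() -> List[Alert]:
    return find_smb_coercion(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in scan_sample():
        print(f"{alert.timestamp} {alert.dst}:{alert.dport} {alert.reason}")
```

Blocking the traffic is the stronger control: the same allowlist expressed as an egress rule (mail server may reach TCP 445/139 only on the listed hosts) stops the coercion outright, and the detection above then fires on the denied attempts rather than on successful sessions.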

“Two vulnerabilities impacted SmarterMail over the last 7 days, and if you are currently running anything prior to 9518, you are vulnerable to a serious compromise!” said VulnCheck.

Source: The Hacker News

© 2016 - 2026 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067