#smartermail

#ransomware
Information security
from SecurityWeek
1 week ago

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks

Critical unauthenticated RCE (CVE-2026-24423) in SmarterMail's ConnectToHub API is actively exploited; update to build 9511 to patch and mitigate ransomware attacks.
from The Hacker News
2 weeks ago

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method," according to a description of the flaw in CVE.org. "The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS [operating system] command. This command will be executed by the vulnerable application."
Information security
Information security
from The Hacker News
4 weeks ago

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

An authentication bypass in SmarterMail allows unauthenticated users to reset any system administrator password via /api/v1/auth/force-reset-password, enabling potential full system compromise.
from The Hacker News
1 month ago

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication.
Information security