THREATOPS
THREAT OPSCVEs › CVE-2026-24423

CVE-2026-24423 — SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

CISA KEVExploited: confirmedSmarterTools

SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution.

Vulnerability details