Critical SmarterMail Vulnerability Exploited in Ransomware Attacks
SecurityWeek
The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests.


SmarterTools SmarterMail business email and collaboration servers are targeted in attacks exploiting another recent critical-severity vulnerability, the US cybersecurity agency CISA warns.
Roughly two weeks ago, security researchers raised the alarm about hackers exploiting an authentication bypass bug in SmarterMail to reset administrator account passwords and take control of vulnerable instances.
Last week, CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog along with a second SmarterMail issue exploited in the same campaign.
Now, the cybersecurity agency warns that a third SmarterMail vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3), has been abused in the wild.
The issue is described as an unauthenticated remote code execution (RCE) flaw via the ConnectToHub API.
Because the API processes requests controlled by a remote server, attackers can define arbitrary command execution parameters that are passed ...
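The article only names the API (ConnectToHub) and says it accepts requests that a remote party controls, so the first thing a defender can do without a patch is find out who has been calling it. The following is an added example, not code from SecurityWeek or SmarterTools: a small log filter that pulls every request whose path mentions the ConnectToHub API out of web-server access logs and flags the ones that come from a source other than the peer you expect. The log format (Common Log Format), the URL path under which the API appears, the sample lines, and the set of expected peer addresses are all assumptions made here for illustration; adjust them to your deployment.

```python
import re
from typing import Iterable

# Common Log Format with the request line split into method and path.
# The format is an assumption for this example; adapt the regex to the
# access-log format your SmarterMail front end actually writes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The article names the API but not its URL prefix, so match on the API
# name alone (an assumption) rather than on a full path.
API_MARKER = "connecttohub"


def parse_line(line: str):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_hub_requests(lines: Iterable[str], expected_peers: set[str]):
    """Return every request that touches the ConnectToHub API.

    Each hit carries an 'unexpected_source' flag that is True when the client
    address is not one of the peers you expect to call this API. Which peers
    are legitimate is deployment-specific and is an assumption here.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        if API_MARKER not in rec["path"].lower():
            continue  # not a ConnectToHub call
        rec["unexpected_source"] = rec["ip"] not in expected_peers
        hits.append(rec)
    return hits


# Constructed sample lines for the example; not real traffic, and the paths
# are illustrative only.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "GET /interface/root HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Mar/2026:10:00:07 +0000] "POST /api/v1/ConnectToHub HTTP/1.1" 200 312',
    '203.0.113.44 - - [01/Mar/2026:10:02:13 +0000] "POST /api/v1/ConnectToHub HTTP/1.1" 200 298',
    '203.0.113.44 - - [01/Mar/2026:10:02:14 +0000] "POST /api/v1/connecttohub HTTP/1.1" 500 0',
    "garbage line that does not parse",
]

# Assumption: in this hypothetical deployment only one host should call the API.
EXPECTED_PEERS = {"10.0.0.9"}

if __name__ == "__main__":
    for hit in find_hub_requests(SAMPLE_LOG, EXPECTED_PEERS):
        flag = "UNEXPECTED" if hit["unexpected_source"] else "expected"
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["path"]} {hit["status"]} {flag}')
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines and EXPECTED_PEERS with the addresses that legitimately talk to the hub API. Any hit flagged UNEXPECTED, and especially a burst of them with mixed 200 and 500 responses from one external address, is worth pulling the surrounding process and command-line telemetry for, since the article describes the flaw as unauthenticated command execution driven by the contents of those requests.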
Copyright of this story solely belongs to SecurityWeek.

