**SmarterTools Patches Critical SmarterMail Flaw Allowing Code Execution**
SmarterTools has patched two critical vulnerabilities in its SmarterMail email software. The first, tracked as CVE-2026-24423, is a remote code execution flaw that could allow attackers to run code of their choosing on affected systems.
The issue was discovered by researchers Sina Kheirkhah & Piotr Bazydlo of watchTowr, Markus Wulftange of CODE WHITE GmbH, and Cale Black of VulnCheck. According to the advisory, SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method.
"The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command," reads the advisory. "This command will be executed by the vulnerable application." The researchers reported that this flaw is actively being exploited in the wild.
SmarterTools fixed the issue in Build 9511; installations running that build or later are no longer affected. Because the flaw is already being exploited, users should update as soon as possible to prevent further exploitation attempts.
**Another Critical Vulnerability Exploited in the Wild**
Furthermore, SmarterTools has also addressed another critical vulnerability, tracked as CVE-2026-23760 (CVSS score: 9.3). This flaw allows an unauthenticated attacker to hijack administrator accounts and achieve remote code execution on the target system.
Nonprofit security organization Shadowserver has reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting CVE-2026-23760. The researchers have also observed exploitation attempts in attacks in the wild.
Cybersecurity firm watchTowr disclosed the vulnerability on January 8, and SmarterTools addressed it on January 15 without assigning a CVE. The issue has since been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, which orders Federal Civilian Executive Branch (FCEB) agencies to address it by February 16, 2026.
**What Users Can Do**
To protect against these vulnerabilities, users are advised to update SmarterMail to Build 9511 as soon as possible. Administrators should also review their hardening and monitoring so that exploitation attempts against the server are detected and blocked.
Users can check if their servers are vulnerable by performing a version check on the Shadowserver website. If your server is affected, it's crucial to update your software immediately to protect against potential attacks.
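The two checks a defender would want after reading the advisory quoted above and the update advice here are a build-number gate against the fixed build and a sweep of web logs for requests to the ConnectToHub API method. The script below is an added example, not code from SmarterTools or the researchers; the log layout (combined log format) and the API path prefix are assumptions, and the log lines are constructed.

```python
import re
from dataclasses import dataclass

# Build that fixes CVE-2026-24423 (from the advisory); earlier builds are affected.
FIXED_BUILD = 9511

# Combined-log-format layout is an assumption for this example; SmarterMail's
# own web log layout may differ, so adapt the regex to what your server writes.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


@dataclass
class Hit:
    src: str
    ts: str
    method: str
    path: str
    status: int


def is_vulnerable_build(build: int) -> bool:
    """True when the installed build predates the fix (Build 9511)."""
    return build < FIXED_BUILD


def find_connecttohub_requests(lines):
    """Return every request whose path references the ConnectToHub API method."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # line does not follow the assumed layout; skip it
        if "connecttohub" in m["path"].lower():
            hits.append(Hit(m["src"], m["ts"], m["method"], m["path"], int(m["status"])))
    return hits


# Constructed sample log lines (not real traffic); ASSUMED_PATH is a placeholder prefix.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jan/2026:10:01:02 +0000] "POST /api/ASSUMED_PATH/ConnectToHub HTTP/1.1" 200 312',
    '198.51.100.4 - - [20/Jan/2026:10:01:05 +0000] "GET /interface/root HTTP/1.1" 200 8123',
    '203.0.113.7 - - [20/Jan/2026:10:01:09 +0000] "POST /api/ASSUMED_PATH/ConnectToHub HTTP/1.1" 500 77',
]

if __name__ == "__main__":
    print("vulnerable build 9510:", is_vulnerable_build(9510))
    for h in find_connecttohub_requests(SAMPLE_LOG):
        print(f"{h.ts} {h.src} {h.method} {h.path} -> {h.status}")
```

Repeated hits from one source against ConnectToHub on a build older than 9511 are the combination worth escalating; on a patched build the same hits still show who was probing.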