SmarterMail Fixes Critical Remote Code Execution Vulnerability with Urgent Patch

SmarterMail Addresses Critical Unauthenticated Remote Code Execution Vulnerability

SmarterTools has recently released critical security updates for its SmarterMail email software, addressing a severe vulnerability that could allow unauthenticated remote code execution (RCE). This flaw, identified as CVE-2026-24423, carries a CVSS score of 9.3 out of 10, underscoring its high severity.

Understanding CVE-2026-24423

The vulnerability resides in the ‘ConnectToHub’ API method of SmarterMail versions prior to build 9511. An attacker could exploit this flaw by directing SmarterMail to connect to a malicious HTTP server, which then serves a harmful operating system command. This command would be executed by the vulnerable application, potentially leading to full system compromise.

Discovery and Reporting

The vulnerability was discovered and reported by security researchers Sina Kheirkhah and Piotr Bazydlo from watchTowr, Markus Wulftange from CODE WHITE GmbH, and Cale Black from VulnCheck. Their collaborative efforts have been instrumental in identifying and mitigating this critical security issue.

Patch Release and Additional Fixes

SmarterTools addressed this vulnerability in Build 9511, released on January 15, 2026. This build also patches another critical flaw, CVE-2026-23760, which has been actively exploited in the wild. Additionally, a medium-severity vulnerability, CVE-2026-25067, was fixed in Build 9518, released on January 22, 2026. This flaw could be leveraged for NTLM relay attacks and unauthorized network authentication.

Technical Details of CVE-2026-25067

CVE-2026-25067 is described as an unauthenticated path coercion vulnerability affecting the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows Universal Naming Convention (UNC) paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be exploited for credential coercion, NTLM relay attacks, and unauthorized network authentication.
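As an added example (not code from SmarterTools or the patched product), the following Python shows the defensive shape of the path handling described above: the request value is strictly base64-decoded, UNC, device, drive-letter and rooted paths are refused, and the result is confined to a preview directory using Windows path semantics. The root directory, function names and sample file names are assumptions for illustration.

```python
import base64
import ntpath

# Constructed root for the example; the product's real preview directory is not on the page.
PREVIEW_ROOT = r"C:\SmarterMail\Backgrounds"

class UnsafePath(ValueError):
    """Raised when the decoded request value must not be used as a path."""

def encode_name(name: str) -> str:
    """Helper mirroring the client side: base64-encode a preview file name."""
    return base64.b64encode(name.encode("utf-8")).decode("ascii")

def resolve_preview_path(b64_value: str, root: str = PREVIEW_ROOT) -> str:
    """Return a path under `root` for the decoded value, or raise UnsafePath.
    Windows (ntpath) semantics are used explicitly so the checks behave the same on any host;
    rejects UNC/device prefixes, drive letters, rooted paths, NUL, ':' and escapes from root."""
    try:
        name = base64.b64decode(b64_value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError) as exc:
        raise UnsafePath(f"not valid base64/utf-8: {exc}") from exc
    if "\x00" in name or ":" in name:
        raise UnsafePath("NUL or ':' in path")
    # UNC (\\host\share) and device (\\?\, \\.\) forms begin with two separators;
    # Windows accepts either slash style, so check every combination.
    if name.startswith(("\\\\", "//", "\\/", "/\\")):
        raise UnsafePath("UNC or device path rejected")
    drive, rest = ntpath.splitdrive(name)
    if drive:
        raise UnsafePath("drive or share prefix rejected")
    if rest.startswith(("\\", "/")):  # ntpath.join would drop `root` for a rooted path
        raise UnsafePath("rooted path rejected")
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, rest))
    # normpath collapses '..' segments; the result must still sit strictly inside root.
    if not candidate.lower().startswith(root_norm.lower() + "\\"):
        raise UnsafePath("path escapes preview root")
    return candidate

def is_safe_preview_value(b64_value: str) -> bool:
    """Convenience predicate for request filtering or log review."""
    try:
        resolve_preview_path(b64_value)
        return True
    except UnsafePath:
        return False
```

The same predicate can be run over request logs to flag historical preview requests whose decoded value was a UNC or absolute path.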

Implications and Recommendations

The discovery and patching of these vulnerabilities highlight the critical importance of timely software updates. Given the severity and potential for exploitation, it is imperative for all SmarterMail users to update to the latest versions immediately. Failure to do so could leave systems vulnerable to unauthorized access, data breaches, and other malicious activities.

Conclusion

In the ever-evolving landscape of cybersecurity threats, proactive measures such as regular software updates and vigilant monitoring are essential. The swift response by SmarterTools and the collaborative efforts of the security research community serve as a reminder of the importance of addressing vulnerabilities promptly to safeguard digital assets.