CVE-2026-24423

Q: What is CVE-2026-24423?

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Q: Is CVE-2026-24423 actively exploited?

Yes. CVE-2026-24423 has been observed in active exploitation according to SSVC analysis.

Q: What is the CVSS score for CVE-2026-24423?

CVE-2026-24423 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.

CRITICAL Actively Exploited

SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API

CVSS v3

9.8

CRITICAL

EPSS Score

82.0%

exploit probability

CISA KEV

known exploited

Exploitation

active

SSVC status

Description

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Technical Details

CVSS v3 Vector: 3.1
Published: 1/23/2026
Last Modified: 2/6/2026

Frequently Asked Questions

What is CVE-2026-24423?

Is CVE-2026-24423 actively exploited?

Yes. CVE-2026-24423 has been observed in active exploitation according to SSVC analysis.

What is the CVSS score for CVE-2026-24423?

CVE-2026-24423 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.

Is CVE-2026-24423 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IP Search CVEs

Back to CVE Database