QwikSec

Security Database

CVE

CWE

Training

CVE-2026-24423

Published: Jan 23, 2026

Modified: Mar 5, 2026

PUBLISHED

Description

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Vendor	Product	Versions
SmarterTools	SmarterMail	affected `0 - < 100.0.9511`

Weaknesses (CWE)

References

https://www.smartertools.com/smartermail/release-notes/current

release-notes

patch

https://code-white.com/public-vulnerability-list/#systemadminsettingscontrollerconnecttohub-missing-authentication-in-smartermail

third-party-advisory

https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rce-via-connecttohub-api

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.