- Description
- SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- smartermail
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
- Exploit added on
- Feb 5, 2026
- Exploit action due
- Feb 26, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- disclosure@vulncheck.com
- CWE-306
- Hype score
- Not currently trending
CISAが2つの既知の脆弱性をカタログに追加 https://t.co/0Snq0txzN1 CVE-2025-11953 React NativeコミュニティCLI OSコマンドインジェクション脆弱性 CVE-2026-24423 SmarterTools SmarterMail の重要な機能の認証が欠落している脆弱性
@cloudsec_news
6 Feb 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Actively Exploited React Native CLI and SmarterMail Flaws to KEV — Patch Clock Starts Now CISA added CVE-2025-11953 (React Native Community CLI / Metro dev server OS command injection) and CVE-2026-24423 (SmarterMail unauthenticated RCE via ConnectToHub) to its K
@ThreatSynop
6 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added React Native community CLI vulnerability CVE-2025-11953 & SmarterTools SmarterMail vulnerability CVE-2026-24423 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cyber
@CISACyber
5 Feb 2026
3835 Impressions
9 Retweets
36 Likes
7 Bookmarks
3 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-33217 2 - CVE-2023-41064 3 - CVE-2026-24423 4 - CVE-2026-1281 5 - CVE-2024-12084 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
31 Jan 2026
127 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D508C7EA-385D-428C-ACD3-9E2F93F0FB31",
"versionEndExcluding": "100.0.9511"
}
],
"operator": "OR"
}
]
}
]