SmarterMail is a Windows-based mail server software from SmarterTools that provides robust SMTP, IMAP, POP3 and web mail services. It offers a range of features including email, calendaring, task management, and team collaboration tools. Additionally, SmarterMail includes robust antivirus and antispam protection, and a variety of server add-ons such as detailed reporting, live chat, and an events/notifications system.

SmarterTools SmarterMail

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-52691	CRITICAL	10	SmarterTools SmarterMail	cpe:2.3:a:smartertools:smartermail	Yes	Yes	Dec 29, 2025
CVE-2026-24423	CRITICAL	9.3	SmarterTools SmarterMail	cpe:2.3:a:smartertools:smartermail	Yes	Yes	Jan 23, 2026
CVE-2026-23760	CRITICAL	9.3	SmarterTools SmarterMail	cpe:2.3:a:smartertools:smartermail	Yes	Yes	Jan 22, 2026
CVE-2026-26930	HIGH	7.2	SmarterTools SmarterMail	cpe:2.3:a:smartertools:smartermail	No	Yes	Feb 16, 2026
CVE-2026-25067	MEDIUM	6.9	SmarterTools SmarterMail	cpe:2.3:a:smartertools:smartermail	No	Yes	Jan 29, 2026

CVE-2026-24423:
SmarterTools SmarterMail vulnerability analysis and mitigation

9.3

Related SmarterTools SmarterMail vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-24423: SmarterTools SmarterMail vulnerability analysis and mitigation