Threat Intelligence / CVE / CVE-2026-24423

CVE-2026-24423

CISA KEVRansomware

CVSS 9.8 (CRITICAL) · EPSS 66.4% · Published 2026-01-23

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-306

Threats tracking this CVE

SmarterMail Dual-CVE Pre-Auth RCE Chain — CVE-2026-23760 Admin Password Reset + CVE-2026-24423 ConnectToHub RCE, CISA KEV, Mass Automated Exploitation, 2-Day Patch Weaponization via .NET Decompiler — CRITICAL

References

https://code-white.com/public-vulnerability-list/#systemadminsettingscontrollerconnecttohub-missing-authentication-in-smartermail
https://www.smartertools.com/smartermail/release-notes/current
https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rce-via-connecttohub-api
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24423

Full detection coverage & IOCs for threats exploiting CVE-2026-24423 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence