CVE-2026-23760
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
In short
SmarterMail versions before build 9511 allow anyone to reset administrator passwords without authentication, giving attackers complete control over the email server and the computer it runs on.
Technical detail
The password reset API endpoint accepts unauthenticated requests and lacks token or password verification for administrator accounts, enabling an attacker to supply a target username and new password to achieve full administrative compromise. SmarterMail admin privileges permit OS command execution, effectively granting SYSTEM/root access on the host.
Summary generated and translated by AI from the official description.
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
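A defender-side triage script for the issue described above (an added example, not SmarterTools' code and not taken from the PoCs referenced on this page). It flags SmarterMail builds below 9511 and scans constructed web-server access log lines for anonymous, successful requests to the force-reset-password API. The URL path fragment and the log layout are assumptions; adapt both to your deployment.

```python
"""Triage helpers for CVE-2026-23760 (added example, not vendor code).

1. is_vulnerable_build(): compare a reported build number against 9511,
   the first fixed build named in the advisory.
2. find_suspicious_resets(): scan access log lines for requests to the
   force-reset-password API that carried no authenticated user and still
   received a 2xx status, which is what the bypass looks like in logs.
The path fragment and log layout below are ASSUMPTIONS for illustration.
"""
import re
from typing import Dict, List

FIXED_BUILD = 9511

# Assumed route fragment; the exact API path is not given on the page.
RESET_PATH_FRAGMENT = "forceresetpassword"

# Constructed sample lines in a simplified IIS-like layout:
# <time> <client-ip> <method> <path> <status> <authenticated-user-or-"-">
SAMPLE_LOG = """\
2026-01-15T10:01:02Z 203.0.113.7 POST /api/v1/auth/force-reset-password 200 -
2026-01-15T10:01:05Z 198.51.100.2 POST /api/v1/auth/force-reset-password 200 admin
2026-01-15T10:02:11Z 203.0.113.7 GET /interface/root 200 -
2026-01-15T10:03:40Z 192.0.2.9 POST /api/v1/auth/force-reset-password 401 -
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<user>\S+)$"
)


def parse_build(version: str) -> int:
    """Extract the trailing build number from a version string such as 'Build 9511'."""
    m = re.search(r"(\d{4,})\s*$", version.strip())
    if not m:
        raise ValueError(f"no build number in {version!r}")
    return int(m.group(1))


def is_vulnerable_build(version: str) -> bool:
    """True when the build predates the fix (build 9511)."""
    return parse_build(version) < FIXED_BUILD


def find_suspicious_resets(log_text: str) -> List[Dict[str, str]]:
    """Return entries that hit the reset endpoint anonymously and got a 2xx."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        # Normalise "force-reset-password" / "ForceResetPassword" variants.
        if RESET_PATH_FRAGMENT not in entry["path"].lower().replace("-", ""):
            continue
        if entry["user"] == "-" and entry["status"].startswith("2"):
            hits.append(entry)
    return hits
```

Anonymous 4xx responses to the endpoint are dropped on purpose: a patched build that rejects the request is the expected state, while an anonymous 2xx on an admin reset is the signal worth alerting on.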
Affected products
SmarterTools · SmarterMail
Public PoCs found: 2
- github.com/HORKimhab/CVE-2026-0001 (★ 0)
- labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/ (cve_reference, unverified)
References
https://code-white.com/public-vulnerability-list/#authenticationserviceforceresetpassword-missing-authentication-in-smartermail
https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-23760
https://www.huntress.com/blog/smartermail-account-takeover-leading-to-rce
https://www.smartertools.com/smartermail/release-notes/current
https://www.vulncheck.com/advisories/smartertools-smartermail-authentication-bypass-via-password-reset-api