CVE-2026-24423
SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API
In short
SmarterMail versions before build 9511 allow an attacker without any credentials to run arbitrary commands on the server, by tricking the application into connecting to an attacker-controlled HTTP server.
Technical detail
The ConnectToHub API method lacks authentication checks (CWE-306), allowing unauthenticated attackers to redirect the application to a malicious HTTP endpoint that serves arbitrary OS commands, resulting in remote code execution with application privileges.
Summary generated and translated by AI from the official description.
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point SmarterMail to a malicious HTTP server, which serves a malicious OS command. This command will be executed by the vulnerable application.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
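As an added defender-side example (not from the advisory, CISA, or SmarterTools), a small Python detector that scans access-log lines for calls to the ConnectToHub method that were accepted without a session or that came from outside an admin allowlist. The log layout, the route path and the allowlist are assumptions; the advisory does not state the exact URL of the method.

```python
import re
from typing import List, Tuple

# Constructed sample access-log lines in an invented layout:
# client IP, timestamp, method, path, status, whether a session cookie was sent.
# The real URL of the ConnectToHub route is not given in the advisory; the
# "/api/v1/settings/sysadmin/ConnectToHub" path is assumed for illustration.
SAMPLE_LOG = """\
203.0.113.10 2026-02-12T10:01:03Z POST /api/v1/settings/sysadmin/ConnectToHub 200 session=no
198.51.100.7 2026-02-12T10:01:09Z POST /api/v1/auth/authenticate-user 200 session=yes
203.0.113.10 2026-02-12T10:02:41Z POST /api/v1/settings/sysadmin/connecttohub 200 session=no
192.0.2.5 2026-02-12T10:05:00Z POST /api/v1/settings/sysadmin/ConnectToHub 200 session=yes
198.51.100.7 2026-02-12T10:05:30Z POST /api/v1/settings/sysadmin/ConnectToHub 200 session=yes
192.0.2.5 2026-02-12T10:06:12Z GET /api/v1/settings/sysadmin/ConnectToHub 401 session=no
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<ts>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) session=(?P<session>yes|no)$"
)

# Source addresses from which system-admin API calls are expected (assumed).
ADMIN_SOURCES = {"192.0.2.5"}

Finding = Tuple[str, str, str]  # (client ip, timestamp, reason)


def detect_connecttohub_abuse(log_text: str) -> List[Finding]:
    """Return one finding per ConnectToHub request that was accepted (2xx)
    without a session, or that came from outside the admin allowlist.
    The method name is matched case-insensitively anywhere in the path."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "connecttohub" not in m["path"].lower():
            continue
        accepted = m["status"].startswith("2")
        if accepted and m["session"] == "no":
            findings.append((m["ip"], m["ts"],
                             "accepted without a session (CWE-306 pattern)"))
        elif accepted and m["ip"] not in ADMIN_SOURCES:
            findings.append((m["ip"], m["ts"], "called from a non-admin source"))
    return findings


if __name__ == "__main__":
    for ip, ts, reason in detect_connecttohub_abuse(SAMPLE_LOG):
        print(f"{ts} {ip}: ConnectToHub {reason}")
```

Rejected (401) calls are not reported, so the detector only surfaces requests the application actually accepted; on a patched build the unauthenticated ones should disappear from the output.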
Affected products
SmarterTools · SmarterMail
References
https://code-white.com/public-vulnerability-list/#systemadminsettingscontrollerconnecttohub-missing-authentication-in-smartermail
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24423
https://www.smartertools.com/smartermail/release-notes/current
https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rce-via-connecttohub-api