CVE-2026-24423

⚠ KEVEPSS 83.4%

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

Added to CISA KEV: 2/5/2026

Description

SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution.

Affected packages (0)

No package mapping in OSV.