Unrated severityCISA KEVNVD Advisory· Published Jan 23, 2026· Updated Mar 5, 2026
SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API
CVE-2026-24423
Description
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2< build 9511+ 1 more
- (no CPE)range: < build 9511
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
3- www.smartertools.com/smartermail/release-notes/currentmitrerelease-notespatch
- code-white.com/public-vulnerability-list/mitrethird-party-advisory
- www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rce-via-connecttohub-apimitrethird-party-advisory
News mentions
0No linked articles in our index yet.