CVE Tools
Sign in

CVE-2026-23760

SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API

Published: Jan 22, 2026Updated: Jan 27, 2026 Sources: CVE List NVD BDUCWE-288
9.8CRITICAL
NVD MITRE
EPSS Score
96.3%
Top 0.1%
CISA KEV
Active Exploitation
Since Jan 26, 2026
Exploits
2 Known
Remediation
Patch Available

Description

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

No summary for this CVE yet.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-288

Affected Products

SmarterMailSmarterTools
Mixed
Communications / email-server-client
smartermailsmartertools
Mixed
Communications / email-server-client
SmarterMailSmarterTools Inc.
Mixed
Communications / email-server-client
smartertoolscommercialCommunicationsaka smartermail, smarterstats, smartertrack
smartertools inc.commercialCommunications

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Jan 26, 2026
Remediation due:Feb 16, 2026
Ransomware:Known ransomware use

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

2 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available
Am I actually vulnerable?1 Nuclei template available — see how to check your systems. How to verify Rather we check it for you?We'll check your whole external perimeter for exposure — free. Check my exposure

References

https://www.smartertools.com/smartermail/release-notes/current
smartertools.com
https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/
labs.watchtowr.com
https://code-white.com/public-vulnerability-list/#authenticationserviceforceresetpassword-missing-authentication-in-smartermail
code-white.com
and 4 more references View all →

Timeline

Published
Jan 22, 2026
Added to CISA KEV
Jan 26, 2026
Last Updated
Jan 27, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-23760 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows