Home

Description

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

PUBLISHED Reserved 2026-01-15 | Published 2026-01-22 | Updated 2026-03-05 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA Known Exploited Vulnerability

Date added 2026-01-26 | Due date 2026-02-16

Known Ransomware Campaign(s)  

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Product status

Default status
unaffected

Any version before 100.0.9511
affected

Credits

Piotr Bazydlo & Sina Kheirkhah of watchTowr finder

Markus Wulftange of CODE WHITE GmbH finder

References

www.huntress.com/...rtermail-account-takeover-leading-to-rce third-party-advisory

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2026-23760 government-resource

www.smartertools.com/smartermail/release-notes/current release-notes patch

labs.watchtowr.com/...-smartermail-wt-2026-0001-auth-bypass/ technical-description exploit

code-white.com/public-vulnerability-list/ third-party-advisory

www.vulncheck.com/...ntication-bypass-via-password-reset-api third-party-advisory

cve.org (CVE-2026-23760)

nvd.nist.gov (CVE-2026-23760)

Download JSON