CVE-2026-23760 | THREATINT

Description

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance.

PUBLISHED Reserved 2026-01-15 | Published 2026-01-22 | Updated 2026-01-23 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Product status

Default status

unaffected

Any version before 100.0.9511

affected

Credits

Piotr Bazydlo & Sina Kheirkhah of watchTowr finder

References

www.smartertools.com/smartermail/release-notes/current release-notes patch

labs.watchtowr.com/...-smartermail-wt-2026-0001-auth-bypass/ technical-description exploit

www.vulncheck.com/...ntication-bypass-via-password-reset-api third-party-advisory

cve.org (CVE-2026-23760)

nvd.nist.gov (CVE-2026-23760)

Download JSON