vulnerability
SmarterTools SmarterMail: CVE-2026-23760: Authentication Bypass Using an Alternate Path or Channel
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jan 22, 2026 | Jan 28, 2026 | Jan 28, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 22, 2026
Added
Jan 28, 2026
Modified
Jan 28, 2026
Description
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.
Solution
smartertools-smartermail-upgrade-latest
References
- CVE-2026-23760
- https://attackerkb.com/topics/CVE-2026-23760
- URL-https://code-white.com/public-vulnerability-list/#authenticationserviceforceresetpassword-missing-authentication-in-smartermail
- URL-https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/
- URL-https://www.smartertools.com/smartermail/release-notes/current
- URL-https://www.vulncheck.com/advisories/smartertools-smartermail-authentication-bypass-via-password-reset-api
- CWE-288
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.