Main Vulnerability Database Vulnerabilities #VU121946

#VU121946 Improper authentication in SmarterMail - CVE-2026-23760

Published: January 22, 2026 / Updated: February 6, 2026

Vulnerability identifier: #VU121946

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2026-23760

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
SmarterMail

Software vendor:
SmarterTools Inc.

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in the password reset feature. A remote non-authenticated attacker can reset password of an administrative user and gain full access to the application, including ability to execute system commands.

Remediation

Install updates from vendor's website.

External links

https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/
https://portal.smartertools.com/community/a97681/new-user-on-google_abc_com.aspx?ref=labs.watchtowr.com

#VU121946 Improper authentication in SmarterMail - CVE-2026-23760

Description

Remediation

External links

Please verify you're human