We need to help folks by getting the word out! SmarterMail CVEs CVE-2026-25067, CVE-2026-23760, CVE-2025-52691 and CVE-2026-24423, all in a matter of several days since mid-January 2026. This includes both RCE and Admin Password Reset vulnerabilities in the API.
A lot of systems are still being attacked, as folks without a current license may not be aware. Folks are just finding out about this when they can't log in with the so-called "Admin".
www.bleepingcomputer.com
watchTowr, who shared a proof-of-concept exploit that only requires prior knowledge of the administrator account's username, noted that it was tipped off about the flaw being exploited in the wild on January 21. Cybersecurity firm Huntress confirmed their report the next day, noting malicious attacks suggesting mass, automated exploitation.
I did not have easily guessed administrator account usernames, so I'm not sure what the full deal is, and we may find more to the story. I use VMs, so it was faster to build a new one and migrate the data than hunt down RATs (Remote Access Tools which were uploaded!!).
Macnica threat researcher Yutaka Sejiyama has also told BleepingComputer that his scans returned over 8,550 SmarterMail instances still vulnerable to CVE-2026-23760 attacks.
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability.