Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)

The Cybersecurity and Infrastructure Security Agency added CVE-2026-24423 affecting SmarterMail to its Known Exploited Vulnerabilities catalog. The vulnerability is being exploited in ransomware attacks. The flaw stems from missing authentication for the ConnectToHub API. It affects versions before v100.0.9511 and allows unauthenticated attackers to achieve remote code execution Researchers from watchTowr, CODE WHITE GmbH and VulnCheck independently reported the issue. Cale Black of VulnCheck explained that the connect-to-hub endpoint processes remote addresses in the hubAddress parameter and permits an attacker-controlled server to define arbitrary command execution parameters through the CommandMount response. On February 9, 2026, SmarterTools was breached