# Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)

_Friday, June 26, 2026 at 11:33 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) — Primary](https://img.helpnetsecurity.com/wp-content/uploads/2025/03/24153119/alert-2-1500.webp)

The Cybersecurity and Infrastructure Security Agency added CVE-2026-24423 affecting SmarterMail to its Known Exploited Vulnerabilities catalog. The vulnerability is being exploited in ransomware attacks.

The flaw stems from missing authentication for the ConnectToHub API. It affects versions before v100.0.9511 and allows unauthenticated attackers to achieve remote code execution by sending a specially crafted POST request to the endpoint.

Researchers from watchTowr, CODE WHITE GmbH and VulnCheck independently reported the issue. Cale Black of VulnCheck explained that the connect-to-hub endpoint processes remote addresses in the hubAddress parameter and permits an attacker-controlled server to define arbitrary command execution parameters through the CommandMount response.

On February 9, 2026, the ransomware attackers Storm-2603 breached SmarterTools via this vulnerability. CISA ordered US federal civilian agencies to address the issue by February 26, 2026. Users should update to the latest SmarterMail build and review logs for suspicious interactions with the unsecured endpoint.
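One way to carry out the log review, as an added example that is not from the article or from SmarterTools: it parses web server logs and groups POST requests to the connect-to-hub endpoint by client address. It assumes W3C extended format logs with a `#Fields:` header; the sample lines, the `/api/example/` path prefix and the addresses are constructed, and only the `connect-to-hub` fragment comes from the article.

```python
import io
from collections import defaultdict

# Endpoint name as given in the article; the full URL path is not stated
# there, so only this fragment is matched (case-insensitively).
ENDPOINT_FRAGMENT = "connect-to-hub"

# Constructed sample in W3C extended log format (assumed format; paths are
# placeholders and addresses are documentation ranges, not real indicators).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2026-02-01 10:00:01 198.51.100.7 GET /interface/root 200
2026-02-01 10:00:05 203.0.113.9 POST /api/example/Connect-To-Hub 200
2026-02-01 10:00:09 203.0.113.9 POST /api/example/connect-to-hub 500
2026-02-01 10:01:00 198.51.100.7 POST /api/example/login 200
"""

def find_hub_requests(lines):
    """Yield one dict per POST request whose URI contains the fragment."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue                       # skip directives and headerless rows
        rec = dict(zip(fields, line.split()))
        uri = rec.get("cs-uri-stem", "").lower()
        if rec.get("cs-method", "").upper() == "POST" and ENDPOINT_FRAGMENT in uri:
            yield rec

def summarize(lines):
    """Group hits by client IP: request count and set of response codes."""
    summary = defaultdict(lambda: {"count": 0, "statuses": set()})
    for rec in find_hub_requests(lines):
        entry = summary[rec.get("c-ip", "?")]
        entry["count"] += 1
        entry["statuses"].add(rec.get("sc-status", "?"))
    return dict(summary)

if __name__ == "__main__":
    for ip, info in summarize(io.StringIO(SAMPLE_LOG)).items():
        print(ip, info["count"], sorted(info["statuses"]))
```

Each address in the output is a candidate for review, since the article describes the endpoint as reachable without authentication.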

## Sources

- [Help Net Security](https://www.helpnetsecurity.com/2026/02/06/ransomware-smartermail-cve-2026-24423/)

---
Canonical: https://techandbusiness.org/newswire/WMYow9Ig064KslncDOqMK2
Retrieved: 2026-06-27T07:30:42.397Z
Publisher: Tech & Business (techandbusiness.org)
