CVE-2026-24423

ENISA EUVD: EUVD-2026-4273 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 5 articles Published: 2026-01-23

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

82.03%

probability

This CVE has a 82.03% probability of being exploited in the next 30 days.

0% Top 99.2th percentile of all CVEs 100%

CVSS v4.0 NEW

Source: VulnerabilityLookup (CIRCL)

9.3

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Vulnerable System Confidentiality Impact

High

Vulnerable System Integrity Impact

High

Vulnerable System Availability Impact

High

Subsequent System Confidentiality Impact

None

Subsequent System Integrity Impact

None

Subsequent System Availability Impact

None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1

Source: NVD

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Affected Products

SmarterTools

SmarterMail

smartertools

smartermail

SmarterTools

SmarterMail

0 <100.0.9511

Attack Intelligence

CWE-284 · Improper Access Control CWE-287 · Improper Authentication CWE-306 · Missing Authentication

https://www.smartertools.com/smartermail/release-notes/current

release-notes patch

https://code-white.com/public-vulnerability-list/#systemadminsettingscontrollerconnecttohub-missing-authentication-in-smartermail

third-party-advisory

https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rce-via-connecttohub-api

third-party-advisory

Signal Intelligence

Confidenceⓘ

85%

EPSS 82.03%

CVSS v4.0 9.3

CVSS v3.1 9.8

Mentions 5

Last Seen Feb 18, 2026

CNA Information

CNA Assigner

VulnCheck

CNA Title

SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API

Analyst Note

CVE-2026-24423 is a critical SmarterMail RCE vulnerability (CVSS 9.3) explicitly documented as exploited in the wild by Warlock ransomware on January 29, 2026, prior to patch availability. CISA added it to the KEV catalog for known exploited vulnerabilities, and multiple sources confirm active exploitation and weaponization.

Threat Actors 4

APT 28

apt_group Information theft and espionage 🇷🇺 RU

TAG-28

apt_group Information theft and espionage 🇨🇳 CN

Roaming Tiger

apt_group Information theft and espionage 🇨🇳 CN

White Bear

apt_group Information theft and espionage 🇷🇺 RU

Triage Info

Decided atMar 05, 2026

Published DateJan 23, 2026