CVE-2026-23760
CRITICAL KEV RANSOMWARE NUCLEISmarterTools SmarterMail <9511 - Auth Bypass
Title source: llmDescription
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.
Exploits (2)
nomisec
WORKING POC
2 stars
by hilwa24 · remote
https://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCE
nomisec
WORKING POC
1 stars
by MaxMnMl · poc
https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc
Nuclei Templates (1)
SmarterTools SmarterMail - Admin Password Reset
CRITICALVERIFIEDby watchTowr,DhiyaneshDk
Shodan:
html:"SmarterMail"
References (6)
Scores
CVSS v3
9.8
EPSS
0.6541
EPSS Percentile
98.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Intel
CISA KEV
2026-01-26
VulnCheck KEV
2026-01-22
ENISA EUVD
EUVD-2026-4143
Ransomware Use
Confirmed
Classification
CWE
CWE-288
Status
published
Affected Products (1)
smartertools/smartermail
< 100.0.9511
Timeline
Published
Jan 22, 2026
KEV Added
Jan 26, 2026
Tracked Since
Feb 18, 2026