

Ethical Hacking News

CISA Warns of Critical SmarterMail RCE Flaw Used in Ransomware Attacks




The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that ransomware actors are exploiting a critical vulnerability in SmarterMail, a self-hosted email server and collaboration platform used by 15 million users across 120 countries. This vulnerability allows for remote code execution without authentication, making it a prime target for hackers. CISA urges federal agencies and entities to patch this flaw as soon as possible to avoid potential ransomware attacks.

  • SmarterMail, a self-hosted email server and collaboration platform with 15 million users worldwide, is vulnerable to exploitation through its ConnectToHub API method.
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that ransomware actors are exploiting the vulnerability, which allows for remote code execution without authentication.
  • CISA has marked the vulnerability, CVE-2026-24423, as actively exploited in ransomware campaigns and urges affected users to apply security updates or stop using the product by February 26, 2026.
  • A second authentication bypass flaw has been discovered, allowing attackers to reset administrator passwords without verification.
  • SmarterMail has fixed additional security flaws and recommends updating to the latest build (9526) released on January 30.
  • The exploits highlight the importance of timely software updates and robust cybersecurity measures, particularly for widely used products like SmarterMail.



    SmarterMail, a self-hosted email server and collaboration platform used by approximately 15 million users across 120 countries, has become a prime target for hackers because it can be exploited via the ConnectToHub API method. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that ransomware actors have already begun exploiting this critical flaw, which was discovered and responsibly disclosed by security researchers at the cybersecurity companies watchTowr, CODE WHITE, and VulnCheck.

    The CVE-2026-24423 flaw, according to CISA, allows for remote code execution (RCE) without authentication. This means that an attacker can manipulate the SmarterMail instance to point to a malicious HTTP server serving an OS command, which could lead to command execution. This is particularly concerning as it enables hackers to gain unauthorized access and control over critical systems.

    CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and marked it as actively exploited in ransomware campaigns. The agency has issued guidance to federal agencies and entities with obligations under BOD 22-01, urging them to either apply the security updates and vendor-suggested mitigations or stop using the product by February 26, 2026.

    In addition to this critical flaw, watchTowr researchers have discovered another authentication bypass flaw (internally tracked as WT-2026-0001), which permits resetting the administrator password without any verification. Hackers exploited it shortly after SmarterTools released a patch for the initial flaw.

    SmarterMail has since fixed additional security flaws rated “critical,” and it is highly recommended that system administrators update to the most recent build, currently 9526, released on January 30.
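
A patch-status triage for the guidance above, as an added example that is not from the article, CISA or SmarterTools: it checks a constructed host inventory against build 9526 and the KEV due date. The hostnames, the sample version strings and the rule that the build number is the last numeric component of a version string are assumptions; the article names 9526 as the latest recommended build, not as the first fixed build for a given CVE.

```python
import json
import re
from datetime import date

# Constructed KEV-style record: values come from the article, field names
# follow CISA's published KEV JSON feed.
KEV_ENTRY = json.loads("""
{"cveID": "CVE-2026-24423", "product": "SmarterMail",
 "knownRansomwareCampaignUse": "Known", "dueDate": "2026-02-26"}
""")

RECOMMENDED_BUILD = 9526  # latest build named in the article

# Constructed inventory: hosts and version strings are hypothetical.
INVENTORY = [
    {"host": "mail01.example.test", "version": "100.0.9526"},
    {"host": "mail02.example.test", "version": "Build 9483"},
    {"host": "mail03.example.test", "version": "unknown"},
]

def parse_build(version):
    """Return the build number (last run of digits), or None if absent."""
    runs = re.findall(r"\d+", version or "")
    return int(runs[-1]) if runs else None

def triage(inventory, kev, today, recommended=RECOMMENDED_BUILD):
    """Classify each host and attach the days left before the KEV due date."""
    days_left = (date.fromisoformat(kev["dueDate"]) - today).days
    ransomware = kev.get("knownRansomwareCampaignUse") == "Known"
    findings = []
    for item in inventory:
        build = parse_build(item["version"])
        if build is None:
            status = "verify"   # cannot prove the host is current: keep it open
        elif build >= recommended:
            status = "current"
        else:
            status = "overdue" if days_left < 0 else "update"
        findings.append({"host": item["host"], "build": build, "status": status,
                         "days_left": days_left, "ransomware": ransomware})
    # Outdated hosts first (oldest build on top), then unverified, then current.
    order = {"overdue": 0, "update": 1, "verify": 2, "current": 3}
    return sorted(findings, key=lambda f: (order[f["status"]], f["build"] or 0))

if __name__ == "__main__":
    for finding in triage(INVENTORY, KEV_ENTRY, date(2026, 2, 6)):
        print(finding)
```
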

    The recent exploits demonstrate the importance of timely software updates and robust cybersecurity measures. SmarterTools' product has been widely adopted by managed service providers, small and medium-sized businesses, and hosting companies offering email services. Given its widespread use, it is essential for these organizations to prioritize patching this vulnerability as soon as possible.

    Furthermore, the ongoing threat landscape demands that users remain vigilant in protecting themselves from such attacks. This includes implementing robust security measures, such as regular software updates, strong passwords, and reputable antivirus software.

    In conclusion, the SmarterMail RCE flaw highlights the need for organizations to prioritize their cybersecurity posture. With hackers continually exploiting vulnerabilities in widely used products, it is crucial that users stay informed about potential threats and take proactive steps to protect themselves.





  • Published: Fri Feb 6 14:15:32 2026 by llama3.2 3B Q4_K_M












