SecurityWeek reports that SmarterTools SmarterMail servers are being targeted in attacks exploiting CVE-2026-24423, a critical unauthenticated remote code execution flaw rated CVSS 9.3, via the ConnectToHub API.
The vulnerability arises because the API processes JSON data and requests received from a remote server, which lets an attacker define arbitrary command execution parameters and run them on affected systems; according to a NIST advisory, the attacker could point SmarterMail at a malicious HTTP server that serves OS commands, which the vulnerable application then executes. The flaws had previously been flagged as exploited, and SmarterMail build 9511, released on 15 January, patches CVE-2026-24423 along with two earlier defects.
On Thursday, CISA added CVE-2026-24423 to the Known Exploited Vulnerabilities catalog and warned federal agencies they should patch by 26 February. SecurityWeek notes that CVE-2025-11953, another critical issue, had a similar patching timeframe and has been exploited in the wild, underscoring the urgency for updates. Written by Ionut Arghire, the piece highlights the ongoing exploitation of SmarterMail in ransomware campaigns.