Shadowserver researchers reported that over 6,000 SmarterMail servers are exposed on the internet and are likely vulnerable to a critical authentication bypass flaw tracked as CVE-2026-23760. The vulnerability allows an unauthenticated attacker to reset the administrator password and gain full administrative control of the SmarterMail instance, and exploitation attempts have been observed in the wild.
Shadowserver noted that around 6,000 IPs globally were identified as likely vulnerable based on version checks, with most of the affected hosts located in the United States (about 4.1K), followed by Malaysia, India, Canada, and the United Kingdom. The report follows watchTowr's disclosure of the vulnerability on 8 January and a fix released by SmarterTools on 15 January without a CVE being assigned. According to the Shadowserver Foundation, CVE-2026-23760 has been added to the U.S. CISA Known Exploited Vulnerabilities catalog, with federal agencies required to address the flaw by 16 February 2026.