securityaffairs.com 2/6/2026, 10:36:05 AM · via preferred

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog


According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), SmarterTools SmarterMail and React Native Community CLI flaws have been added to its Known Exploited Vulnerabilities (KEV) catalog. The entry lists CVE-2025-11953 for the React Native Community CLI OS Command Injection vulnerability and CVE-2026-24423 for the SmarterTools SmarterMail Missing Authentication for Critical Function vulnerability.

Attackers are actively exploiting CVE-2025-11953, with VulnCheck observations showing real-world exploitation of the Metro server powering the React Native CLI, including a multi‑stage, base64-encoded PowerShell loader and attempts to bypass Defender protections. The advisory notes that the Metro Development Server binds to external interfaces by default, enabling unauthenticated attackers to issue commands via a vulnerable endpoint.
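
One way a defender could check a development host for the exposure described above (an added example, not code from the article, CISA, VulnCheck or the React Native project): it parses `ss -ltn` output and reports listeners on the Metro port that are bound to a non-loopback address. Port 8081, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

METRO_PORT = 8081  # assumption: Metro's usual default port; not stated in the article

# Constructed sample in `ss -ltnH` layout: State Recv-Q Send-Q Local Peer
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:8081 0.0.0.0:*
LISTEN 0 511 127.0.0.1:8081 0.0.0.0:*
LISTEN 0 511 [::]:8081 [::]:*
LISTEN 0 511 [::1]:8081 [::]:*
LISTEN 0 511 *:8081 *:*
LISTEN 0 128 192.168.1.20:8081 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope, then brackets
    return host, int(port)

def is_external(host):
    """True when the bind address is reachable from other machines."""
    if host == "*":
        return True  # ss wildcard: every interface
    addr = ipaddress.ip_address(host)
    mapped = getattr(addr, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    if mapped is not None:
        addr = mapped
    return not addr.is_loopback  # 0.0.0.0 and :: count as external

def exposed_listeners(ss_output, port=METRO_PORT):
    """Return the local address fields of non-loopback listeners on `port`."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        try:
            host, lport = split_local(cols[3])
            if lport == port and is_external(host):
                findings.append(cols[3])
        except ValueError:
            continue  # unparsable address or non-numeric port: skip the line
    return findings

if __name__ == "__main__":
    for hit in exposed_listeners(SAMPLE_SS):
        print(f"Metro port reachable beyond loopback: {hit}")
```
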

CISA also notes that SmarterTools fixed two security bugs in SmarterMail Build 9511, including CVE-2026-24423, which could allow remote code execution. Federal agencies are required to address these vulnerabilities under BOD 22-01 and must fix them by 26 February 2026.


Article by CyberSIXT