{"id":207137,"date":"2026-01-27T09:09:00","date_gmt":"2026-01-27T14:09:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/27\/over-6000-smartermail-servers-exposed-to-automated-hijacking-attacks\/"},"modified":"2026-01-27T16:35:12","modified_gmt":"2026-01-27T21:35:12","slug":"over-6000-smartermail-servers-exposed-to-automated-hijacking-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/27\/over-6000-smartermail-servers-exposed-to-automated-hijacking-attacks\/","title":{"rendered":"Over 6,000 SmarterMail servers exposed to automated hijacking attacks"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks\/\">Over 6,000 SmarterMail servers exposed to automated hijacking attacks<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-27 09:09:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p>Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability.<\/p>\n<p>Cybersecurity company watchTowr reported the security flaw to developer SmarterTools on January 8, which released a fix on January 15 without assigning an identifier.<\/p>\n<p>The vulnerability was later assigned CVE-2026-23760 and rated critical severity, as it allows unauthenticated attackers to hijack admin accounts and gain remote code execution on the host, enabling them\u00a0to take control of vulnerable servers.<\/p>\n<p>&#8220;SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API,&#8221; according to an advisory added to the NIST national vulnerability database on Thursday.<\/p>\n<p>&#8220;The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance.&#8221;<\/p>\n<p>watchTowr discovered this auth bypass flaw two weeks after finding another critical pre-auth vulnerability in SmarterMail\u00a0(CVE-2025-52691) that can allow attackers to gain remote code execution on unpatched servers.<\/p>\n<p>On Monday, Shadowserver revealed that it&#8217;s tracking over 6,000 SmarterMail servers (more than 4,200 across North America and nearly 1,000 in Asia) flagged as &#8220;likely vulnerable&#8221; to ongoing CVE-2026-23760 attacks.<\/p>\n<p><img decoding=\"async\" alt=\"Internet-exposed SmarterMail servers\" height=\"377\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/u\/1109292\/2026\/Internet-exposed%20SmarterMail%20servers.png\" width=\"700\"\/>Internet-exposed SmarterMail servers (Shadowserver)<\/p>\n<p>Macnica threat researcher Yutaka Sejiyama has also told BleepingComputer that his scans returned over 8,550 SmarterMail instances still vulnerable to CVE-2026-23760 attacks.<\/p>\n<p>watchTowr, who shared a proof-of-concept exploit that only requires prior knowledge of the administrator account&#8217;s username,&#8230;<\/p>\n<p><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Over 6,000 SmarterMail servers exposed to automated hijacking attacks https:\/\/www.bleepingcomputer.com\/news\/security\/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks\/ Publish Date: 2026-01-27 09:09:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207138,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/01\/27\/Email.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,27],"class_list":["post-207137","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207137"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207137"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207137\/revisions"}],"predecessor-version":[{"id":207139,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207137\/revisions\/207139"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207138"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207137"}],"wp:term":[{"taxonomy":"category","e
mbeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}