{"id":207444,"date":"2026-01-27T10:34:00","date_gmt":"2026-01-27T15:34:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/27\/shadowserver-finds-6000-likely-vulnerable-smartermail-servers-exposed-online\/"},"modified":"2026-01-28T13:45:15","modified_gmt":"2026-01-28T18:45:15","slug":"shadowserver-finds-6000-likely-vulnerable-smartermail-servers-exposed-online","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/27\/shadowserver-finds-6000-likely-vulnerable-smartermail-servers-exposed-online\/","title":{"rendered":"Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/187394\/hacking\/shadowserver-finds-6000-likely-vulnerable-smartermail-servers-exposed-online.html\">Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187394\/hacking\/shadowserver-finds-6000-likely-vulnerable-smartermail-servers-exposed-online.html\">https:\/\/securityaffairs.com\/187394\/hacking\/shadowserver-finds-6000-likely-vulnerable-smartermail-servers-exposed-online.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-27 10:34:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> January 27, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/01\/image-59.png?fit=1838%2C672&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Shadowserver researchers found 6,000+ SmarterMail servers 
exposed online and likely vulnerable to a critical auth bypass flaw.<\/h2>\n<p>Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting a critical authentication bypass flaw tracked as CVE-2026-23760. Cybersecurity firm watchTowr disclosed the vulnerability on January 8, and SmarterTools addressed it on January 15, without assigning a CVE.<\/p>\n<p>\u201cSmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts.\u201d reads the advisory. \u201cAn unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance.\u201d<\/p>\n<p>watchTowr researchers released a proof-of-concept exploit that only needs the admin username.<\/p>\n<p>An unauthenticated attacker can exploit the flaw to hijack administrator accounts and achieve remote code execution on the target, potentially leading to a full takeover of vulnerable servers.<\/p>\n<p>Shadowserver reported that over 6,000 SmarterMail servers\u00a0are likely vulnerable, based on their version check. The researchers also observed exploitation attempts in the wild.<\/p>\n<p lang=\"en\" dir=\"ltr\">We added SmarterTools SmarterMail CVE-2026-23760 RCE to our daily Vulnerable HTTP scans.  Around 6000 IPs globally found likely vulnerable based on our version check.  We also see exploitation attempts in the wild. 
<\/p>\n<p>CVE-2026-23760 Geo Treemap View:  https:\/\/t.co\/QqZ674VxXG pic.twitter.com\/jDufbmo67s<\/p>\n<p>\u2014 The&#8230;<br \/>\n<br \/><a href=\"https:\/\/securityaffairs.com\/187394\/hacking\/shadowserver-finds-6000-likely-vulnerable-smartermail-servers-exposed-online.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online https:\/\/securityaffairs.com\/187394\/hacking\/shadowserver-finds-6000-likely-vulnerable-smartermail-servers-exposed-online.html Publish Date: 2026-01-27 10:34:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207445,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/01\/image-59.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-207444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207444"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207444"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207444\/revisions"}],"predecessor-version":[{"id":207446,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207444\/revisions\/207446"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\
/207445"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}