{"id":210722,"date":"2026-02-06T04:48:00","date_gmt":"2026-02-06T09:48:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/06\/u-s-cisa-adds-smartertools-smartermail-and-react-native-community-cli-flaws-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-02-06T12:45:20","modified_gmt":"2026-02-06T17:45:20","slug":"u-s-cisa-adds-smartertools-smartermail-and-react-native-community-cli-flaws-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/06\/u-s-cisa-adds-smartertools-smartermail-and-react-native-community-cli-flaws-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/187675\/security\/u-s-cisa-adds-smartertools-smartermail-and-react-native-community-cli-flaws-to-its-known-exploited-vulnerabilities-catalog.html\">U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187675\/security\/u-s-cisa-adds-smartertools-smartermail-and-react-native-community-cli-flaws-to-its-known-exploited-vulnerabilities-catalog.html\">https:\/\/securityaffairs.com\/187675\/security\/u-s-cisa-adds-smartertools-smartermail-and-react-native-community-cli-flaws-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-06 04:48:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> February 06, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg?fit=700%2C368&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog.<\/h2>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n<p>Below are the flaws added to the catalog:<\/p>\n<ul class=\"wp-block-list\">\n<li>CVE-2025-11953\u00a0React Native Community CLI OS Command Injection Vulnerability<\/li>\n<li>CVE-2026-24423\u00a0SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability<\/li>\n<\/ul>\n<p>Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as\u00a0CVE-2025-11953. The React Native CLI\u2019s Metro dev server binds to external interfaces by default and exposes a command injection flaw. Unauthenticated attackers can send POST requests to execute arbitrary programs, and on Windows can also run shell commands with fully controlled arguments.<\/p>\n<p>\u201cThe Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables.\u201d reads the\u00a0advisory. \u201cOn Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.\u201d<\/p>\n<p>Metro is the JavaScript bundler and dev server used by React Native. By default, it can expose an endpoint that lets unauthenticated attackers run OS commands on Windows.<\/p>\n<p>VulnCheck researchers observed consistent, real-world attacks weeks before broad disclosure.<\/p>\n<p>VulnCheck spotted real-world exploitation of&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187675\/security\/u-s-cisa-adds-smartertools-smartermail-and-react-native-community-cli-flaws-to-its-known-exploited-vulnerabilities-catalog.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited&#8230;<\/p>\n","protected":false},"author":1,"featured_media":210723,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-210722","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210722"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=210722"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210722\/revisions"}],"predecessor-version":[{"id":210724,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210722\/revisions\/210724"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/210723"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=210722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=210722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=210722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}