{"id":210830,"date":"2026-02-06T12:16:00","date_gmt":"2026-02-06T17:16:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/06\/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks\/"},"modified":"2026-02-06T18:40:20","modified_gmt":"2026-02-06T23:40:20","slug":"cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/06\/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks\/","title":{"rendered":"CISA warns of SmarterMail RCE flaw used in ransomware attacks"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks\/\">CISA warns of SmarterMail RCE flaw used in ransomware attacks<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-06 12:16:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>The U.S. Cybersecurity and\u00a0Infrastructure Security Agency (CISA) is warning\u00a0that ransomware actors are exploiting CVE-2026-24423, a critical vulnerability in SmarterMail that allows remote code execution without authentication.<\/p>\n<p>SmarterMail is a self-hosted, Windows-based email server and collaboration platform from SmarterTools.\u00a0The product provides SMTP\/IMAP\/POP mail services along with webmail, calendars, contacts, and basic groupware functionality.<\/p>\n<p>It is commonly deployed by managed service providers (MSPs), small and medium-sized businesses, and hosting companies offering email services. According to SmarterTools, its products are used by roughly 15 million users across 120 countries.<\/p>\n<p> <img decoding=\"async\" src=\"https:\/\/www.bleepstatic.com\/c\/w\/Securing-AI-Agents-970x250.png\" alt=\"Wiz\" style=\"margin-top: 0px;\"\/><\/p>\n<p>The\u00a0CVE-2026-24423 flaw affects SmarterTools SmarterMail versions prior to build 9511, and successful exploitation can lead to remote code execution (RCE) via the ConnectToHub API.<\/p>\n<p>The vulnerability was discovered and disclosed responsibly\u00a0 to SmarterTools by security researchers at watchTowr, CODE WHITE, and VulnCheck cybersecurity companies.<\/p>\n<p>The vendor fixed the flaw on January 15 in SmarterMail Build 9511.<\/p>\n<p>CISA has now added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and marked it as actively exploited in ransomware campaigns.<\/p>\n<p>\u201cSmarterTools SmarterMail contains a missing authentication for a critical function vulnerability in the ConnectToHub API method,\u201d the government agency\u00a0warns.<\/p>\n<p>\u201cThis could allow the attacker to point the SmarterMail instance to a malicious HTTP server that serves the malicious OS command and could lead to command execution.\u201d<\/p>\n<p>CISA has given federal agencies and entities with obligations under BOD 22-01 guidance to either apply the security updates and vendor-suggested mitigations or stop using the product by February 26, 2026.<\/p>\n<p>Around the same time that SmarterTools patched CVE-2026-24423, watchTowr researchers discovered another authentication bypass flaw, internally tracked as&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA warns of SmarterMail RCE flaw used in ransomware attacks https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks\/ Publish Date: 2026-02-06 12:16:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":210831,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2024\/03\/22\/email-malware.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,32,27],"class_list":["post-210830","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210830"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=210830"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210830\/revisions"}],"predecessor-version":[{"id":210832,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210830\/revisions\/210832"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/210831"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=210830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=210830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=210830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}