嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”之类的开头,直接写描述。首先,我需要仔细阅读文章,抓住关键点。 文章主要讲的是Shadowserver的研究人员发现了超过6000个暴露在网上的SmarterMail服务器,这些服务器可能容易受到一个关键认证绕过漏洞的攻击。漏洞编号是CVE-2026-23760,由watchTowr在1月8日披露,SmarterTools在1月15日修复了这个漏洞。 漏洞的具体情况是,在SmarterMail版本9511之前,密码重置API存在认证绕过问题。攻击者可以利用force-reset-password端点匿名请求重置管理员账户密码,而无需验证现有密码或重置令牌。这意味着未经认证的攻击者可以通过提供目标管理员用户名和新密码来接管账户,进而实现远程代码执行和服务器完全控制。 Shadowserver报告称,基于版本检查,全球约有6000个IP可能易受攻击,并且已经观察到野外的攻击尝试。大部分受影响的服务器位于美国(4100个),其次是马来西亚、印度、加拿大和英国。 此外,CISA将此漏洞加入其KeV目录,并要求FCEB机构在2月16日前解决该漏洞。 现在我需要把这些信息浓缩到100字以内。重点包括:发现的服务器数量、漏洞细节、影响范围、修复情况以及CISA的行动。 可能的结构是:Shadowserver发现超过6000个SmarterMail服务器暴露在线,并易受CVE-2026-23760认证绕过漏洞攻击。该漏洞允许未经认证的攻击者重置管理员密码并接管服务器。大部分受影响服务器在美国。CISA已要求机构在2月16日前修复。 </think> Shadowserver发现超6,000个SmarterMail服务器暴露在线并易受CVE-2026-23760认证绕过漏洞攻击。该漏洞使攻击者可匿名重置管理员密码并接管服务器。大部分受影响服务器位于美国。CISA已要求机构于2月16日前修复此漏洞。 2026-1-27 15:28:43 Author: securityaffairs.com(查看原文) 阅读量:0 收藏
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw.
Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting a critical authentication bypass flaw tracked as CVE-2026-23760. Cybersecurity firm watchTowr disclosed the vulnerability on January 8, and SmarterTools addressed it on January 15, without assigning a CVE.
“SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts.” reads the advisory. “An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance.”
watchTowr researchers released a proof-of-concept exploit that only needs the admin username.
An unauthenticated attacker can exploit the flaw to hijack administrator accounts and achieve remote code execution on the target, potentially leading to a full takeover of vulnerable servers.
Shadowserver reported that over 6,000 SmarterMail servers are likely vulnerable, based on their version check. The researchers also observed exploitation attempts in attacks in the wild.
— The Shadowserver Foundation (@Shadowserver) January 26, 2026We added SmarterTools SmarterMail CVE-2026-23760 RCE to our daily Vulnerable HTTP scans. Around 6000 IPs globally found likely vulnerable based on our version check. We also see exploitation attempts in the wild.
CVE-2026-23760 Geo Treemap View: https://t.co/QqZ674VxXG pic.twitter.com/jDufbmo67s
Most of the likely vulnerable servers are in the U.S. (4.1K), followed by Malaysia (449), India (188), Canada (166), and the U.K. (146).
This week, CISA added CVE-2026-23760 to its KeV catalog, ordering FCEB agencies to address the identified vulnerability by February 16, 2026.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, SmarterMail)
如有侵权请联系:admin#unsafe.sh