SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得仔细阅读文章，找出关键信息。文章主要讲SmarterTools修复了SmarterMail软件中的三个安全漏洞。其中两个是关键漏洞，CVSS评分都是9.3分，属于高危。第一个漏洞CVE-2026-24423允许未认证的远程代码执行，可能被攻击者利用来执行恶意命令。第二个漏洞CVE-2026-23760同样严重，并且已经被积极利用。第三个漏洞是中危的CVE-2026-25067，可能导致NTLM中继攻击和未经授权的网络认证。修复版本分别是Build 9511和Build 9518，发布日期分别是2026年1月15日和1月22日。用户需要尽快更新以避免被攻击。现在我要把这些信息浓缩到100字以内，确保涵盖主要漏洞、评分、影响和修复措施。同时，不需要使用“文章内容总结”之类的开头词。可能会这样组织：SmarterTools修复了SmarterMail中的三个安全漏洞，包括两个高危漏洞（CVSS 9.3）允许远程代码执行和NTLM中继攻击，以及一个中危漏洞。这些漏洞已被修复，建议用户立即更新以防止攻击。检查一下字数是否在限制内，并确保信息准确无误。 </think> SmarterTools修复了SmarterMail中的三个安全漏洞，包括两个高危漏洞（CVSS 9.3）允许远程代码执行和NTLM中继攻击，以及一个中危漏洞。这些漏洞已被修复，建议用户立即更新以防止攻击。 2026-1-30 07:9:0 Author: thehackernews.com(查看原文) 阅读量:0 收藏

Vulnerability / Email Security

SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution.

The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0.

"SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method," according to a description of the flaw in CVE.org.

"The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS [operating system] command. This command will be executed by the vulnerable application."

watchTowr researchers Sina Kheirkhah and Piotr Bazydlo, CODE WHITE GmbH's Markus Wulftange, and VulnCheck's Cale Black have been credited with discovering and reporting the vulnerability.

The security hole has been addressed in version Build 9511, released on January 15, 2026. The same build also patches another critical flaw (CVE-2026-23760, CVSS score: 9.3) that has since come under active exploitation in the wild.

In addition, SmarterTools has shipped fixes to plug a medium-severity security vulnerability (CVE-2026-25067, CVSS score: 6.9) that could allow an attacker to facilitate NTLM relay attacks and unauthorized network authentication.

It has been described as a case of unauthenticated path coercion affecting the background-of-the-day preview endpoint.

"The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation," VulnCheck noted in an alert.

"On Windows systems, this allows UNC [Universal Naming Convention] paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication."

The vulnerability has been patched in Build 9518, released on January 22, 2026. With two vulnerabilities in SmarterMail coming under active exploitation over the past week, it's essential that users update to the latest version as soon as possible.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2026/01/smartermail-fixes-critical.html
如有侵权请联系:admin#unsafe.sh