Critical SmarterMail RCE Vulnerability Under Active Exploitation
A severe remote code execution (RCE) vulnerability in SmarterTools’ SmarterMail software is being actively exploited, exposing thousands of servers worldwide. Tracked as CVE-2026-23760, the flaw allows unauthenticated attackers to execute arbitrary commands on vulnerable systems, granting full control over affected servers.
Security researchers identified approximately 6,000 internet-accessible SmarterMail instances running unpatched versions, with exploitation attempts already confirmed in the wild. The Shadowserver Foundation detected the threat through version-based scans, revealing a broad attack surface across enterprises, educational institutions, and service providers.
The vulnerability poses significant risks, including email interception, malware deployment, and persistent backdoor access. Organizations in healthcare, finance, government, and technology sectors are among those likely affected, given SmarterMail’s widespread adoption. Successful exploitation could lead to data exfiltration, business email compromise (BEC), and supply chain attacks.
SmarterTools has released patches to address CVE-2026-23760, classified as critical due to its severity and active exploitation. The flaw’s global distribution underscores the urgency for organizations to assess, patch, and monitor their deployments to mitigate potential breaches.
Source: https://cyberpress.org/6000-smartermail-servers-exposed-to-actively-exploited-rce-vulnerability/
SmarterTools cybersecurity rating report: https://www.rankiteo.com/company/smartertools
"id": "SMA1769518747",
"linkid": "smartertools",
"type": "Vulnerability",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Approximately 6,000 '
'internet-accessible SmarterMail '
'instances',
'industry': 'Technology',
'name': 'SmarterTools',
'type': 'Software Vendor'},
{'industry': ['Healthcare',
'Finance',
'Government',
'Technology'],
'location': 'Global',
'type': 'Enterprise, Educational Institution, Service '
'Provider'}],
'attack_vector': 'Unauthenticated remote exploitation',
'data_breach': {'data_exfiltration': 'Possible',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Email data, sensitive business '
'information'},
'description': 'A severe remote code execution (RCE) vulnerability in '
'SmarterTools’ SmarterMail software is being actively '
'exploited, exposing thousands of servers worldwide. Tracked '
'as CVE-2026-23760, the flaw allows unauthenticated attackers '
'to execute arbitrary commands on vulnerable systems, granting '
'full control over affected servers. Successful exploitation '
'could lead to email interception, malware deployment, '
'persistent backdoor access, data exfiltration, business email '
'compromise (BEC), and supply chain attacks.',
'impact': {'data_compromised': 'Email interception, data exfiltration',
'operational_impact': 'Full control over affected servers, '
'potential business email compromise (BEC), '
'supply chain attacks',
'systems_affected': 'SmarterMail servers'},
'initial_access_broker': {'backdoors_established': 'Possible persistent '
'backdoor access'},
'post_incident_analysis': {'corrective_actions': 'Apply patches released by '
'SmarterTools',
'root_causes': 'Unpatched SmarterMail software '
'(CVE-2026-23760)'},
'recommendations': 'Assess, patch, and monitor SmarterMail deployments to '
'mitigate potential breaches.',
'references': [{'source': 'Shadowserver Foundation'}],
'response': {'remediation_measures': 'Patches released by SmarterTools'},
'title': 'Critical SmarterMail RCE Vulnerability Under Active Exploitation',
'type': 'Remote Code Execution (RCE)',
'vulnerability_exploited': 'CVE-2026-23760'}