These updates fix serious vulnerabilities that put users at real risk. Patching has not been entirely straightforward, because the fixes were shipped across two separate builds. Together they address CVE-2026-25067, CVE-2026-23760, and CVE-2026-24423.
On January 15, 2026, SmarterTools released Build 9511. This update addresses a medium-severity vulnerability (CVE-2026-25067) with a CVSS score of 6.9 that makes NTLM relay attacks easier to carry out and can lead to unauthorized network authentication. On January 22, 2026, the company released Build 9518, which fixes CVE-2026-24423 and CVE-2026-23760, two critical flaws each rated CVSS 9.3.
Details of the Vulnerabilities
The medium-severity vulnerability, CVE-2026-25067, lets an attacker abuse the SmarterMail service to authenticate to the network without authorization. It is especially dangerous because it opens the door to further exploitation inside a network that has already been compromised.
“The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation,” – VulnCheck
CVE-2026-24423 is a critical flaw that allows UNC paths to be resolved. On Windows hosts this causes the SmarterMail service to initiate outbound SMB (Server Message Block) authentication attempts to attacker-controlled hosts.
“On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.” – VulnCheck
Exploitation of Critical Flaws
The sense of urgency is palpable. Both CVE-2026-23760 and CVE-2026-24423 have been observed under active exploitation in the wild over the past seven days. These critical vulnerabilities matter because they can lead to arbitrary code execution.
“SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method,” – CVE.org
A remote attacker may be able to make SmarterMail connect to an attacker-controlled HTTP server that returns malicious OS commands. If those commands run, they can severely compromise the integrity and confidentiality of the system.
“The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.” – CVE.org
Importance of Updating
Given the severity and number of vulnerabilities affecting SmarterMail, users are urged to upgrade every installation to Build 9518, the later of the two patched builds, as quickly as possible. Build 9511 and Build 9518 each carry security patches, and only the later one closes all three flaws described here. Until the upgrade is done, blocking outbound SMB (TCP 445) from the mail server to anything other than known file servers and domain controllers limits the credential-coercion path, since the service cannot authenticate to an attacker host it cannot reach.
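Beyond patching, the outbound SMB behaviour described above is something defenders can watch for on the host itself: the mail service should never open TCP 445 sessions to hosts that are not its own file servers or domain controllers. The following is an added example, not from the article or from SmarterTools, of a small detector over Sysmon Event ID 3 (network connection) style records. The service executable name, the install path, the internal address ranges, the known-server list and the sample events are all assumptions constructed for this example.

```python
"""
Added example, not from the original article or from SmarterTools: flag the
mail service initiating outbound SMB (TCP 445) to hosts that are not known
file servers or domain controllers, using Sysmon Event ID 3 style records.
The executable name, install path, internal ranges, known-server list and
sample events are constructed assumptions.
"""
import ipaddress

# Assumption: the service binary name to match; adjust to the real image path.
SERVICE_IMAGE_SUFFIX = "mailservice.exe"
# Assumption: hosts the mail server legitimately talks SMB to (file servers, DCs).
KNOWN_SMB_SERVERS = frozenset({"10.0.0.5", "10.0.0.6"})
# Assumption: the organisation's own address space. An explicit list is used
# rather than ipaddress.is_private so that documentation ranges such as
# 203.0.113.0/24 count as external, as a real attacker host would.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample events; field names mirror Sysmon Event ID 3.
SERVICE_IMAGE = r"C:\SmarterMail\Service\MailService.exe"   # hypothetical path
SAMPLE_EVENTS = [
    {"Image": SERVICE_IMAGE, "Initiated": "true", "Protocol": "tcp",
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},       # known file server
    {"Image": SERVICE_IMAGE, "Initiated": "true", "Protocol": "tcp",
     "DestinationIp": "203.0.113.7", "DestinationPort": 445},    # external: coercion
    {"Image": SERVICE_IMAGE, "Initiated": "true", "Protocol": "tcp",
     "DestinationIp": "10.0.0.99", "DestinationPort": 445},      # internal, unexpected
    {"Image": r"C:\Windows\System32\inetsrv\w3wp.exe", "Initiated": "true",
     "Protocol": "tcp", "DestinationIp": "203.0.113.7", "DestinationPort": 443},
    {"Image": SERVICE_IMAGE, "Initiated": "true", "Protocol": "tcp",
     "DestinationIp": "198.51.100.4", "DestinationPort": 80},    # not SMB
    {"Image": SERVICE_IMAGE, "Initiated": "false", "Protocol": "tcp",
     "DestinationIp": "10.0.0.99", "DestinationPort": 445},      # inbound, ignore
]


def is_external(ip: str) -> bool:
    """True when ip lies outside every configured internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_smb_coercion(events, image_suffix=SERVICE_IMAGE_SUFFIX,
                      known=KNOWN_SMB_SERVERS):
    """Return one finding per outbound TCP 445 connection the mail service
    initiates to a host outside the known-server allowlist."""
    hits = []
    for ev in events:
        if not ev.get("Image", "").lower().endswith(image_suffix):
            continue                                  # some other process
        if str(ev.get("Initiated", "")).lower() != "true":
            continue                                  # inbound connection
        if ev.get("Protocol", "tcp").lower() != "tcp":
            continue
        if int(ev.get("DestinationPort", 0)) != 445:
            continue                                  # not SMB
        dst = ev["DestinationIp"]
        if dst in known:
            continue                                  # expected SMB peer
        reason = ("outbound SMB to external host" if is_external(dst)
                  else "outbound SMB to unexpected internal host")
        hits.append({"image": ev["Image"], "dst": dst, "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in find_smb_coercion(SAMPLE_EVENTS):
        print(f"{hit['reason']}: {hit['image']} -> {hit['dst']}:445")
```

The external case is the coercion-to-attacker path from the advisory; the unexpected-internal case is kept as a separate reason because an internal relay target (an attacker-controlled host already inside the network, or a rogue SMB listener) is exactly what the NTLM relay scenario looks like from the mail server's point of view. The same logic maps directly onto a SIEM query over the equivalent Sysmon or EDR telemetry.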