CVE-2026-23760 Scanner
CVE-2026-23760 Scanner - Unauthenticated Admin Access vulnerability in SmarterTools SmarterMail
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 21 hours
Scan only one: Domain, Subdomain, IPv4
SmarterTools SmarterMail is a mail server used by enterprises and hosting companies to manage and deliver email. It provides webmail and collaboration features, handles high email volumes across many industries, and is valued for its integration with other tools. As a versatile and highly configurable platform, SmarterMail is often a critical component of an organization's communication infrastructure; its administrative interface, which centralizes management of user accounts, makes strong access controls integral to any deployment.
The detected vulnerability is an unauthenticated admin access flaw in SmarterMail. Exploiting it allows an attacker to reset administrator passwords without authenticating, which yields system-wide access. With control of administrative functions, an attacker can manipulate or exfiltrate sensitive information stored on the mail server and compromise the confidentiality and integrity of user communications. The high severity of this issue calls for immediate remediation, and securing administrative endpoints is essential to retaining control over system operations and preventing unauthorized actions.
Technically, the vulnerability is triggered by a POST request to the `/api/v1/auth/force-reset-password` endpoint. The endpoint accepts parameters that reset a system administrator's password, and it does so without enforcing the normal authorization checks. The request must carry a specific JSON payload; the fact that the server acts on it without verifying the caller reflects improper authorization handling in the application. An HTTP 200 response whose body contains `"success":true` confirms that the reset was applied. This indicates a critical lapse in the security verification mechanisms of SmarterMail's administrative API.
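Because the page identifies the abused endpoint and the response that signals a successful reset, a defender can hunt for exploitation attempts in web access logs. The following detection script is an added example written for this page; it is not part of the scanner, of SmarterTools' code, or of any published detection rule. It assumes that a reverse proxy or web server in front of SmarterMail writes NCSA combined-format access logs (SmarterMail's own log format is not described on the page), and the log lines it reads are constructed samples using documentation IP ranges. Access logs do not capture the `"success":true` response body, so the script treats an HTTP 200 on this endpoint as a likely successful reset and anything else as an attempt; both are worth alerting on.

```python
import re
from dataclasses import dataclass

# Endpoint named in the advisory text. A POST to it from anywhere other than a
# known administrative host is suspicious because the endpoint is unauthenticated.
RESET_ENDPOINT = "/api/v1/auth/force-reset-password"

# Constructed sample access log lines (NCSA combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jan/2026:09:14:02 +0000] "POST /api/v1/auth/force-reset-password HTTP/1.1" 200 48 "-" "python-requests/2.31"
198.51.100.7 - - [12/Jan/2026:09:14:05 +0000] "GET /interface/root HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jan/2026:09:14:09 +0000] "POST /api/v1/auth/force-reset-password HTTP/1.1" 401 0 "-" "python-requests/2.31"
192.0.2.44 - - [12/Jan/2026:09:15:30 +0000] "POST /api/v1/auth/force-reset-password HTTP/1.1" 200 48 "-" "curl/8.4.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


@dataclass(frozen=True)
class Hit:
    ip: str
    timestamp: str
    status: int
    succeeded: bool  # True when the server answered 200 (reset likely applied)


def find_reset_attempts(log_text, trusted_ips=frozenset()):
    """Return every POST to the force-reset endpoint not sent from a trusted IP.

    trusted_ips is an assumed allow-list of administrative hosts; leave it empty
    to flag all callers, which is the safer default for an unauthenticated endpoint.
    """
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        # Drop any query string so "?x=1" variants of the path still match.
        path = match.group("path").split("?", 1)[0]
        if match.group("method").upper() != "POST" or path != RESET_ENDPOINT:
            continue
        if match.group("ip") in trusted_ips:
            continue
        status = int(match.group("status"))
        hits.append(Hit(ip=match.group("ip"),
                        timestamp=match.group("ts"),
                        status=status,
                        succeeded=(status == 200)))
    return hits


def summarize(hits):
    """Aggregate hits per source IP into attempt and success counts."""
    by_ip = {}
    for hit in hits:
        entry = by_ip.setdefault(hit.ip, {"attempts": 0, "successes": 0})
        entry["attempts"] += 1
        if hit.succeeded:
            entry["successes"] += 1
    return by_ip


if __name__ == "__main__":
    for ip, counts in summarize(find_reset_attempts(SAMPLE_LOG)).items():
        flag = "LIKELY RESET" if counts["successes"] else "attempt only"
        print(f"{ip}: {counts['attempts']} attempt(s), "
              f"{counts['successes']} returned 200 -> {flag}")
```

Run against real logs, any IP with a non-zero success count should trigger an incident review of administrator accounts and an immediate password rotation, since the 200 is the only server-side trace the access log keeps of a completed reset.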
When exploited, the vulnerability allows full administrative takeover of the SmarterMail system: attackers can manipulate user accounts, alter configuration settings, and read private communications. The consequences include severe operational disruption, data breaches, loss of sensitive information, and erosion of user trust in the organization's communication systems. Remediation should therefore be prioritized; prompt assessment and patching of vulnerable systems are essential to avert exploitation by threat actors.