SmarterTools SmarterMail Build 9511 security patch release
Security Patch Release
Summary
Hide ▲
Show ▼
SmarterTools released Build 9511 for SmarterMail on January 15, 2026, delivering critical security fixes for the email platform. The update followed responsible disclosure on January 8, 2026 and served as the vendor's response to a newly identified security issue. The release matters because the same flaw was later reported as actively exploited in the wild.
Related Happenings
Synacor Zimbra CVE-2025-48700 security patch release
Security Patch Release
First: 24.04.2026 16:35
Last: 24.04.2026 16:35
Sources 1
About this happening:
Synacor released **security patches** for **CVE-2025-48700**, fixing an **XSS flaw** in **Zimbra Classic UI** that could be triggered by a **malicious email** and expose **sensiti...
Synacor Zimbra CVE-2025-48700 security patch release
Security Patch ReleaseAbout this happening: Synacor released **security patches** for **CVE-2025-48700**, fixing an **XSS flaw** in **Zimbra Classic UI** that could be triggered by a **malicious email** and expose **sensiti...
CISA adds two Roundcube flaws to KEV catalog
Public Sector Action
First: 21.02.2026 09:21
Last: 21.02.2026 09:21
Sources 1
About this happening:
**CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
CISA adds two Roundcube flaws to KEV catalog
Public Sector ActionAbout this happening: **CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
Google Chrome zero-day patch (CVE-2026-2441)
Security Patch Release
First: 16.02.2026 13:30
Last: 16.02.2026 13:30
Sources 1
About this happening:
**Google** released a security update for **Chrome on Windows, Mac, and Linux** to fix **CVE-2026-2441**, a **zero-day** with a reported **in-the-wild exploit**. The patch matters...
Google Chrome zero-day patch (CVE-2026-2441)
Security Patch ReleaseAbout this happening: **Google** released a security update for **Chrome on Windows, Mac, and Linux** to fix **CVE-2026-2441**, a **zero-day** with a reported **in-the-wild exploit**. The patch matters...
CISA adds four actively exploited flaws to KEV with FCEB deadlines
Public Sector Action
First: 13.02.2026 10:34
Last: 13.02.2026 10:34
Sources 1
About this happening:
CISA added **four vulnerabilities** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**, putting **FCEB agencies** on a forced remed...
CISA adds four actively exploited flaws to KEV with FCEB deadlines
Public Sector ActionAbout this happening: CISA added **four vulnerabilities** to the **Known Exploited Vulnerabilities (KEV) catalog** after evidence of **active exploitation**, putting **FCEB agencies** on a forced remed...
Patch Tuesday multi-vendor security patch release (multiple vulnerabilities)
Security Patch Release
First: 11.02.2026 15:28
Last: 11.02.2026 15:28
Sources 1
About this happening:
On **Patch Tuesday**, **software vendors** released security updates across **OS, cloud, network, and application platforms**, closing multiple flaws in widely used products and s...
Patch Tuesday multi-vendor security patch release (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: On **Patch Tuesday**, **software vendors** released security updates across **OS, cloud, network, and application platforms**, closing multiple flaws in widely used products and s...
Timeline
-
22.01.2026 11:46 1 articles · 4mo ago
Responsible disclosure of SmarterMail authentication bypass
Initial DisclosurewatchTowr Labs discloses an authentication bypass in SmarterMail tracked as WT-2026-0001 after finding that a crafted HTTP request to /api/v1/auth/force-reset-password could reset a system administrator password.
Show sources
- SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release — thehackernews.com — 22.01.2026 11:46
-
22.01.2026 11:46 5 articles · 4mo ago
SmarterMail Build 9511 patch release
Mitigation Patch UpdateSmarterTools releases SmarterMail Build 9511 to address the newly disclosed flaw, with the update described only as containing critical security fixes.
Show sources
- SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release — thehackernews.com — 22.01.2026 11:46
- SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release — thehackernews.com — 22.01.2026 11:46
- SmarterMail auth bypass flaw now exploited to hijack admin accounts — www.bleepingcomputer.com — 22.01.2026 20:44
- Over 6,000 SmarterMail servers exposed to automated hijacking attacks — www.bleepingcomputer.com — 27.01.2026 16:09
- SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score — thehackernews.com — 30.01.2026 09:09
-
22.01.2026 11:46 1 articles · 4mo ago
Observed SmarterMail password-reset misuse after the patch
Exploitation ObservedLogs tied to a SmarterMail administrator account show use of the /api/v1/auth/force-reset-password endpoint on January 17, 2026, suggesting the same flaw was used to change the admin password after the patch release.
Show sources
- SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release — thehackernews.com — 22.01.2026 11:46
-
22.01.2026 11:46 1 articles · 4mo ago
watchTowr Labs reports active exploitation of SmarterMail WT-2026-0001
Technical Analysis UpdatewatchTowr Labs reports active exploitation of SmarterMail WT-2026-0001 and says the authentication bypass can reset the system administrator password through /api/v1/auth/force-reset-password before pivoting to SYSTEM-level command execution through the built-in volume creation workflow.
Show sources
- SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release — thehackernews.com — 22.01.2026 11:46