Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

SmarterMail CVE-2026-23760 mass exploitation wave

Exploitation Wave
First reported
Last updated
Happening score
H score 64
2 unique sources, 3 articles

Summary

Hide ▲

CVE-2026-23760 is being exploited against SmarterMail to bypass authentication on internet-facing mail servers, creating takeover risk across thousands of exposed instances. Defenders have tracked more than 6,000 likely vulnerable servers and over 8,550 still exposed, while CISA added the flaw to its actively exploited list and set a February 16 remediation deadline for U.S. agencies. The vulnerability is an authentication bypass in the password reset API that can let an attacker reset a system administrator password, and SmarterTools released a fix in Build 9511 with further protection in Build 9526.

Cases

SmarterMail RCE, password-reset bypass, and ransomware response (5) SmarterMail RCE, password-reset bypass, and ransomware response (5)

Related Happenings

Roundcube Webmail actively exploited flaws (multiple vulnerabilities)

Vulnerability
First: 23.02.2026 13:44 Last: 23.02.2026 13:44 Sources 1

About this happening: **Roundcube Webmail** now faces confirmed **active exploitation** across **CVE-2025-49113** and **CVE-2025-68461**, exposing webmail installations to **remote code execution** and...

Open Happening

CISA adds two Roundcube flaws to KEV catalog

Public Sector Action
First: 21.02.2026 09:21 Last: 21.02.2026 09:21 Sources 1

About this happening: **CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...

Open Happening

Windows Admin Center improper authentication privilege escalation (CVE-2026-26119)

Vulnerability
First: 19.02.2026 19:40 Last: 19.02.2026 19:40 Sources 1

About this happening: **Windows Admin Center** is affected by **CVE-2026-26119**, a high-severity **improper authentication** flaw that can let an authorized attacker elevate privileges over a network....

Open Happening

Microsoft Windows Admin Center patch for CVE-2026-26119

Security Patch Release
First: 19.02.2026 19:40 Last: 19.02.2026 19:40 Sources 1

About this happening: Microsoft shipped **Windows Admin Center version 2511** to patch **CVE-2026-26119**, closing an **improper authentication** flaw that could let an authorized attacker **elevate pr...

Open Happening

Honeywell CCTV unauthenticated recovery-email takeover flaw (CVE-2026-1670)

Vulnerability
First: 18.02.2026 22:58 Last: 18.02.2026 22:58 Sources 1

About this happening: **CVE-2026-1670** affects multiple **Honeywell CCTV products**, where an unauthenticated API exposure can let an attacker change the recovery email on a device account and take ov...

Open Happening

Timeline

  1. 27.01.2026 16:09 1 articles · 4mo ago

    watchTowr reports SmarterMail authentication bypass to SmarterTools

    Initial Disclosure

    watchTowr reported a SmarterMail authentication bypass in the password reset API to SmarterTools on January 8, starting the remediation cycle for versions prior to build 9511.

    Show sources
    Open in new tab
  3. 27.01.2026 16:09 3 articles · 4mo ago

    watchTowr flags SmarterMail exploitation in the wild

    Exploitation Observed

    watchTowr said it was tipped off on January 21 that CVE-2026-23760 was being exploited in the wild against SmarterMail instances.

    Show sources
    Open in new tab
  4. 27.01.2026 16:09 1 articles · 4mo ago

    CISA adds CVE-2026-23760 to the actively exploited list

    Legal Policy Action Update

    CISA added CVE-2026-23760 to its list of actively exploited vulnerabilities on Monday and ordered U.S. government agencies to secure affected servers within three weeks, by February 16, or apply vendor mitigations.

    Show sources
    Open in new tab
  5. 27.01.2026 16:09 2 articles · 4mo ago

    Shadowserver tracks thousands of vulnerable SmarterMail instances

    Campaign Scope Update

    Shadowserver tracked over 6,000 SmarterMail servers flagged as likely vulnerable to CVE-2026-23760, including more than 4,200 across North America and nearly 1,000 in Asia, while Macnica scans found over 8,550 SmarterMail instances still vulnerable.

    Show sources
    Open in new tab