Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA SmarterMail remediation guidance for CVE-2026-24423

Advisory/Mitigation
First reported
Last updated
Happening score
H score 86
1 unique sources, 2 articles

Summary

Hide ▲

SmarterMail is at the center of a CVE-2026-24423 remediation and exploitation wave: the flaw enables unauthenticated remote code execution in versions prior to Build 9511, while CVE-2026-23760 adds authentication-bypass risk on exposed email servers. CISA added CVE-2026-24423 to the Known Exploited Vulnerabilities catalog after confirming active ransomware exploitation, and directed federal agencies and other BOD 22-01 entities to apply updates, use vendor mitigations, or stop using the product by February 26, 2026.

Cases

Related Happenings

Microsoft security patch release for CVE-2026-42824

Security Patch Release
H score30 First: 15.06.2026 16:00 Last: 15.06.2026 16:00 Sources 1

About this happening: Microsoft's **fix for SearchLeak** in **Microsoft 365 Copilot Enterprise** closed a **critical** flaw tied to **CVE-2026-42824** that could expose **mailbox, OneDrive, and SharePo...

Microsoft 365 Copilot Enterprise SearchLeak remote code execution flaw (CVE-2026-42824)

Vulnerability
H score34 First: 15.06.2026 16:00 Last: 15.06.2026 16:00 Sources 1

About this happening: **Microsoft 365 Copilot Enterprise Search** has a **critical** vulnerability chain, **SearchLeak**, that could let a user leak **emails, calendar details, MFA codes, and indexed f...

Splunk Enterprise security update for CVE-2026-20253

Security Patch Release
H score52 First: 13.06.2026 16:23 Last: 13.06.2026 16:23 Sources 1

About this happening: **Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...

Everest Forms Pro plugin actively exploited RCE (CVE-2026-3300)

Vulnerability
H score87 First: 04.06.2026 19:15 Last: 04.06.2026 19:15 Sources 1

About this happening: **Everest Forms Pro** has an **actively exploited** critical **remote code execution** flaw, **CVE-2026-3300**, that lets unauthenticated attackers run **PHP** and take over **Wor...

Ghost CMS CVE-2026-26980 ClickFix campaign

Campaign
H score42 First: 24.05.2026 17:12 Last: 24.05.2026 17:12 Sources 1

About this happening: A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...

Timeline

  1. 06.02.2026 19:16 2 articles · 5mo ago

    SmarterTools fixes CVE-2026-24423 in SmarterMail Build 9511

    Mitigation Patch Update

    SmarterTools releases SmarterMail Build 9511 on January 15, 2026, fixing CVE-2026-24423 in versions prior to build 9511 and closing the ConnectToHub API path that could permit unauthenticated remote code execution.

    Show sources
  2. 06.02.2026 19:16 1 articles · 5mo ago

    CISA warns of exploited SmarterMail flaw and sets remediation deadline

    Legal Policy Action Update

    CISA warns that ransomware actors are exploiting CVE-2026-24423 in SmarterMail, adds the vulnerability to the Known Exploited Vulnerabilities catalog, and directs federal agencies and BOD 22-01 entities to apply security updates and vendor-suggested mitigations or stop using the product by February 26, 2026.

    Show sources