CNNVD-202601-3816 Information
CNNVD ID
CNNVD-202601-3816
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
SmarterTools SmarterMail是SmarterTools公司的一套邮件服务器软件。该软件支持垃圾邮件过滤、数据统计、简单邮件传输协议SMTP验证等功能。 SmarterTools SmarterMail 9511之前版本存在安全漏洞,该漏洞源于密码重置API存在身份验证绕过,可能导致完全管理员账户被接管。
Description (English)
SmartTools SmarterMail is a mail server software for SmarterTools. The software supports such functions as spam filtering, data statistics, simple mail transfer protocol SMTP authentication. There was a security loophole in the pre-SmartTools SmarterMail 9511 version, which resulted from a password reset API with an identification bypass that could lead to the full administrator account being taken over.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
SmarterTools
Published
2026-01-22
Last Modified
2026-02-24
References
https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/ https://code-white.com/public-vulnerability-list/#authenticationserviceforceresetpassword-missing-authentication-in-smartermail https://www.vulncheck.com/advisories/smartertools-smartermail-authentication-bypass-via-password-reset-api https://www.smartertools.com/smartermail/release-notes/current https://access.redhat.com/security/cve/cve-2026-23760
Patch
https://www.smartertools.com/smartermail/downloads
Share on: