CNNVD-202601-3955 Information
CNNVD ID
CNNVD-202601-3955
Related CVE
- CNNVD Published: 2026-01-23
Description (Chinese)
SmarterTools SmarterMail是SmarterTools公司的一套邮件服务器软件。该软件支持垃圾邮件过滤、数据统计、简单邮件传输协议SMTP验证等功能。 SmarterTools SmarterMail build 9511之前版本存在访问控制错误漏洞,该漏洞源于ConnectToHub API方法存在未经身份验证的远程代码执行,可能导致执行任意OS命令。
Description (English)
SmartTools SmarterMail is a mail server software for SmarterTools. The software supports such functions as spam filtering, data statistics, simple mail transfer protocol SMTP authentication. Prior to SmartTools SmarterMail built 9511, there was a bug in access control, which stemmed from the fact that the ConnectToHub API method had a remote code unverified, which could lead to the execution of arbitrary OS orders.
Hazard Level
Low
Vulnerability Type
访问控制错误
Affected Vendor
SmarterTools
Published
2026-01-23
Last Modified
2026-02-24
References
https://code-white.com/public-vulnerability-list/#systemadminsettingscontrollerconnecttohub-missing-authentication-in-smartermail https://www.smartertools.com/smartermail/release-notes/current https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rce-via-connecttohub-api https://access.redhat.com/security/cve/cve-2026-24423
Patch
https://www.smartertools.com/smartermail/release-notes/current
Share on: