Nonprofit Security Organization Discovers Over 6,000 Exposed SmarterMail Servers Vulnerable to Critical Authentication Bypass Flaw

The nonprofit security organization Shadowserver has identified more than 6,000 SmarterMail servers exposed on the internet that are likely vulnerable to a critical authentication bypass flaw tracked as CVE-2026-23760. The vulnerability was disclosed on January 8 by the cybersecurity firm watchTowr. These exposed servers could be exploited by attackers leveraging this authentication flaw.