CISA Adds New Vulnerability Affecting SmarterMail to Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability (CVE-2026-24423) affecting SmarterTools' SmarterMail messaging and collaboration server to its catalog of known exploited vulnerabilities. This vulnerability is being exploited in ransomware attacks. On January 26, CISA had already listed two other vulnerabilities affecting SmarterMail: CVE-2025-52691 (unrestricted upload of a file with a dangerous type) and CVE-2026-23760 (authentication bypass). Researchers from WatchTowr have analyzed and shared technical details about these vulnerabilities.