Ctrl + K
/ news / CVE
CVEPublished 2026-01-231 article on news5 live referencesNVD data

CVE-2026-24423

Vulnerability data via CVEDB (Shodan)

CISA KEVKnown exploited in the wild.Used in ransomware
CISA action: SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution.
CVSS v3.1
9.3
CRITICAL
EPSS percentile
100
Exploit Prediction Scoring System · top 0% of all CVEs
Description

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Timeline
Published 2026-01-23

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-24423
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Smartertools Smartermail" version:"1.0.0"
Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Smartermail"
HTTP body or banner mentions "Smartermail" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-24423
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-24423
Censys host search filtered to this CVE id.
grep.app
CVE-2026-24423
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-24423
GitHub code search for direct mentions.
Google dork
"CVE-2026-24423" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (5)

CVE-2026-244235 repos
Threekiii/CVEunknown
一个 CVE 漏洞预警知识库,无 exp/poc,部分包含修复方案。A knowledge base of CVE security vulnerability, no PoCs/exploits.
★ 172·updated 4d ago
DarkFunct/TK-CVE-RepoPython
TK-CVE-Repo
★ 51·updated 2w ago
chnzzh/iDRAC-CVE-libunknown
CVEs for Integrated Dell Remote Access Controller (iDRAC)
★ 24·updated today
aavamin/CVE-2026-24423Python
CVE-2026-24423 exp
★ 7·updated 4mo ago
kapetanios55/SentinelCBContentPython
★ 1·updated 4mo ago
Articles on news mentioning CVE-2026-24423