SmarterMail < 100.0.9511 Unauthenticated RCE via ConnectToHub API (CVE-2026-24423)

Version 1.2

Feb 9, 2026, 4:07 PM

CVSS metrics ("CVSSv2 score" set to 10.0)
CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C")
CVSS metrics ("Cvssv4 threat score" set to 9.3)
CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:A")
CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C")
CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C")
Exploit attributes ("Exploit available" set to "True")
Exploit attributes ("Exploitability ease" set to "Exploits are available")