SmarterTools SmarterMail Admin Password Reset (CVE-2026-23760)
Description
SmarterTools SmarterMail contains an unauthenticated administrative password reset vulnerability. The application exposes an API endpoint that processes password reset requests without requiring an authenticated session or any proof of a reset secret (such as a token delivered out of band). By sending a crafted POST request naming a target username and a desired new password, a remote unauthenticated attacker can overwrite the administrator's credentials and gain full control of the mail server administration interface. Because the endpoint is reachable without credentials, any instance whose administration interface is exposed to an untrusted network is exploitable as-is.
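The following is an added illustration, not SmarterMail's code: a hypothetical password-reset handler in the flawed shape the description outlines (username and new password accepted with no session and no reset secret) beside a hardened handler that refuses to touch a credential unless the caller presents a random, single-use, expiring token that the server bound to the account. The request fields, the in-memory store, the token lifetime and the password-length rule are all constructed assumptions for this example.

```python
"""Password-reset handler: the flawed pattern beside a hardened one.

Hypothetical code written for this page; it is not SmarterMail's implementation.
The request shape, store layout, names and limits are constructed for illustration.
"""
import hmac
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 600   # assumed lifetime of a reset token
MIN_PASSWORD_LEN = 12     # assumed local password policy


def new_store() -> dict:
    """Constructed in-memory state: one admin account and an empty reset-token table."""
    return {
        "users": {"admin": {"password": "original-admin-password"}},
        "reset_tokens": {},   # token -> {"username": ..., "expires": unix_time}
    }


def vulnerable_reset(store: dict, request: dict) -> dict:
    """The pattern the advisory describes: the handler trusts a client-supplied
    username and new password, with no session and no reset secret, so any
    remote caller can overwrite any account's credentials."""
    user = store["users"].get(request.get("username", ""))
    if user is None:
        return {"status": 404}
    user["password"] = request.get("new_password", "")
    return {"status": 200}


def issue_reset_token(store: dict, username: str, now: Optional[float] = None) -> Optional[str]:
    """Server side of a hardened flow: mint a random, single-use, expiring token
    bound to one account. A real deployment delivers it out of band (e-mail)
    and never echoes it in an API response; it is returned here only so the
    example can run end to end."""
    if username not in store["users"]:
        return None
    token = secrets.token_urlsafe(32)
    expires = (time.time() if now is None else now) + TOKEN_TTL_SECONDS
    store["reset_tokens"][token] = {"username": username, "expires": expires}
    return token


def hardened_reset(store: dict, request: dict, now: Optional[float] = None) -> dict:
    """Require proof of a reset secret before touching any credential.
    The target account comes from the token binding, not from the request,
    so the caller cannot choose whose password is changed."""
    presented = str(request.get("token", "")).encode()
    now = time.time() if now is None else now

    # Constant-time comparison so the match itself leaks nothing about stored tokens.
    match = None
    for stored in store["reset_tokens"]:
        if hmac.compare_digest(stored.encode(), presented):
            match = stored
    if match is None:
        return {"status": 403, "error": "invalid token"}

    # Single use: the token is consumed on the first attempt, successful or not.
    entry = store["reset_tokens"].pop(match)
    if now > entry["expires"]:
        return {"status": 403, "error": "expired token"}

    new_password = request.get("new_password", "")
    if len(new_password) < MIN_PASSWORD_LEN:
        return {"status": 400, "error": "password too short"}

    store["users"][entry["username"]]["password"] = new_password
    return {"status": 200, "username": entry["username"]}


if __name__ == "__main__":
    store = new_store()
    # Unauthenticated attacker overwrites the admin password via the flawed handler.
    print(vulnerable_reset(store, {"username": "admin", "new_password": "attacker-chosen"}))
    # The same request against the hardened handler is refused: no valid token.
    print(hardened_reset(store, {"username": "admin", "new_password": "attacker-chosen"}))
    # Legitimate flow: token issued server-side, redeemed once; a replay fails.
    tok = issue_reset_token(store, "admin")
    print(hardened_reset(store, {"token": tok, "new_password": "a-new-long-passphrase"}))
    print(hardened_reset(store, {"token": tok, "new_password": "a-new-long-passphrase"}))
```

The point to check in any reset endpoint is the one the hardened handler enforces: the account being modified is derived from a server-issued, unguessable, single-use, time-limited secret, never from a username the client supplies, and a reset attempt with a missing or wrong token must fail closed.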
Remediation
Upgrade SmarterMail to the latest patched version and keep security updates applied as they are released. Until the upgrade is in place, restrict network access to the administration interface to trusted hosts. Since the flaw allows silent replacement of the administrator password, treat any instance that was reachable while unpatched as potentially compromised: verify that the administrator credentials are still the expected ones, review administrator accounts and configuration for unauthorized changes, and rotate the administrator password after patching.