Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-23760
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
Source: NVD (National Vulnerability Database)
Vulnerability Description
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选路径或通道进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
SmarterTools SmarterMail 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SmarterTools SmarterMail是SmarterTools公司的一套邮件服务器软件。该软件支持垃圾邮件过滤、数据统计、简单邮件传输协议SMTP验证等功能。 SmarterTools SmarterMail 9511之前版本存在安全漏洞,该漏洞源于密码重置API存在身份验证绕过,可能导致完全管理员账户被接管。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
SmarterToolsSmarterMail 0 ~ 100.0.9511 -
II. Public POCs for CVE-2026-23760
#POC DescriptionSource LinkShenlong Link
1Detected a SmartMail admin password reset vulnerability by sending a POST request to the `/api/v1/auth/force-reset-password` endpoint, indicating that administrative password resets could potentially be triggered without proper authorization. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-23760.yamlPOC Details
2SmarterMail Auth Bypass & RCE Exploithttps://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCEPOC Details
3CVE-2026-23760 - An authentication bypass via password reset API in SmarterMail.https://github.com/MaxMnMl/smartermail-CVE-2026-23760-pocPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2026-23760
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: SmarterMail
Same vendor: SmarterTools
Same weakness: CWE-288
V. Comments for CVE-2026-23760

No comments yet

Leave a comment