CVE-2026-24423

Awaiting Analysis

Published: 23 Jan 2026, 16:53

Last modified:06 Feb 2026, 04:55

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.3 CRITICAL

v4.0 (cve.org)

EPSS Score

18.23% MEDIUM

18% probability +18.11%

KEV

Listed

CISA

1 listing

Ransomware

Known Use

Public exploits

None found

Dark Web

Not detected

Timeline

23 Jan 2026, 16:53

Published

Vulnerability first disclosed

05 Feb 2026, 00:00

Added to CISA KEV

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

06 Feb 2026, 04:55

Last Modified

Vulnerability information updated

26 Feb 2026, 00:00

CISA Remediation Due

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

CVSS Metrics

EPSS Trends

Weaknesses (CWE)

KEV Details

Affected Systems

References (4)