Vulnerabilities
CVE-2026-23760 - SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
CVE ID: CVE-2026-23760
Published: Jan. 22, 2026, 3:16 p.m.
Description: SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance.
Severity: 9.3 | CRITICAL
CVE Details
Impact: authentication bypass
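
The missing check named in the description, modelled as an added example (not SmarterMail code or its API): a reset handler that trusts an anonymous caller, beside one that requires the existing password or a one-time reset token. All function names, the in-memory account store and the token scheme are hypothetical.

```python
import hashlib
import hmac
import secrets

def _hash(password, salt):
    # PBKDF2 stands in for whatever password hashing the real product uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_store():
    # Constructed sample account; the field names are hypothetical.
    salt = secrets.token_bytes(16)
    return {"admin": {"salt": salt, "hash": _hash("old-Passw0rd", salt),
                      "is_sysadmin": True, "reset_token": None}}

def issue_reset_token(store, username):
    # One-time token, assumed to reach the account owner out of band.
    token = secrets.token_urlsafe(32)
    store[username]["reset_token"] = token
    return token

def force_reset_flawed(store, username, new_password):
    # Flaw class from the advisory: no session, old password or token is checked.
    acct = store.get(username)
    if acct is None:
        return False
    acct["hash"] = _hash(new_password, acct["salt"])
    return True

def force_reset_hardened(store, username, new_password, *,
                         old_password=None, reset_token=None):
    # The caller must prove knowledge of the old password or hold a valid token.
    acct = store.get(username)
    if acct is None:
        return False
    proof = False
    if old_password is not None:
        proof = hmac.compare_digest(_hash(old_password, acct["salt"]), acct["hash"])
    elif reset_token is not None and acct["reset_token"] is not None:
        proof = hmac.compare_digest(reset_token, acct["reset_token"])
    if not proof:
        return False  # fail closed: nothing changes without proof
    acct["hash"] = _hash(new_password, acct["salt"])
    acct["reset_token"] = None  # tokens are single use
    return True
```

A regression test for a fix of this kind should assert that a request carrying only a username and a new password leaves the stored hash unchanged.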