watchTowrEarlier this month, we reported a zero-day auth. bypass in the SmarterTools SmarterMail email solution.
Someone has reversed the patch (released on 15th Jan) and begun exploiting it in the wild.
Read our analysis and please, ASSUME BREACH + PATCH NOW.
Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)
Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV hall-of-famers. The plot of that story had everything; * A