CVE advisory | Known Exploit
CVE-2026-23760
SmarterMail Authentication Bypass Allows Administrative Compromise.
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A vulnerability in SmarterMail's password reset API allows unauthenticated attackers to bypass authentication and reset administrator passwords, leading to full administrative control and potential operating system command execution. This poses a significant business risk, as the vulnerability is known to be exploited