CISA Adds SmarterMail and React Native CLI Flaws to KEV Catalog

CISA Adds SmarterMail and React Native CLI Flaws to KEV Catalog


U.S. CISA has escalated two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2026-24423 in SmarterTools SmarterMail and CVE-2025-11953 in React Native Community CLI demand immediate attention from organizations worldwide.

SmarterMail RCE Flaw Details

CVE-2026-24423 carries a CVSS score of 9.3 and stems from a missing authentication check in the ConnectToHub API method in SmarterMail versions prior to build 9511. Attackers can exploit this unauthenticated remote code execution (RCE) vulnerability by tricking the server into connecting to a malicious HTTP endpoint, enabling arbitrary OS command execution.

SmarterTools released build 9511 in late January 2026 to address the issue. Ransomware actors have already targeted exposed instances, underscoring the flaw’s severity in real-world attacks.

React Native CLI Command Injection

CVE-2025-11953 allows unauthenticated OS command injection through the Metro dev server, which binds to external interfaces by default. Remote attackers send POST requests to trigger arbitrary executables; on Windows, they gain full control over shell arguments.

VulnCheck reported sustained exploitation campaigns starting December 21, 2025, involving PowerShell loaders that disable Windows Defender defenses.

Actionable Recommendations

Federal Civilian Executive Branch (FCEB) agencies face a Binding Operational Directive (BOD 22-01) deadline of February 26, 2026, to patch or discontinue use. All organizations should:

  • Scan for vulnerable SmarterMail instances (build <9511) and React Native CLI setups.
  • Apply patches immediately: Upgrade SmarterMail to build 9511 or later.
  • Harden dev servers by binding Metro to localhost only.
  • Monitor for IOCs like anomalous HTTP redirects or PowerShell activity.

Exposed servers persist online, amplifying risks—prioritize vulnerability management now to mitigate breach potential.

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.