Daily CyberSecurity (securityonline.info) ·EN-US News source Exploited in the wildGravity SMTP
Active Gravity SMTP Vulnerability Exploited in the Wild
CVE Tools coverage
A vulnerability in RocketGenius Gravity SMTP is being exploited in the wild, tracked as CVE-2026-4020 (CVSS 7.5). The issue affects Gravity SMTP versions ≤ 2.1.4 by allowing unauthenticated attackers to access a REST API endpoint that returns system report details, including sensitive email integration credentials (API keys, secrets, and OAuth tokens). This matters because exposed credentials can enable account compromise and follow-on spam or phishing activity; affected users should upgrade to Gravity SMTP 2.1.5 and rotate any email integration secrets.