CVE Tools
Back to feed
Daily CyberSecurity (securityonline.info) ·EN-US News source Exploited in the wildGravity SMTP

Active Gravity SMTP Vulnerability Exploited in the Wild

By Do Son··3 min read
CVE Tools coverage

A vulnerability in RocketGenius Gravity SMTP is being exploited in the wild, tracked as CVE-2026-4020 (CVSS 7.5). The issue affects Gravity SMTP versions ≤ 2.1.4 by allowing unauthenticated attackers to access a REST API endpoint that returns system report details, including sensitive email integration credentials (API keys, secrets, and OAuth tokens). This matters because exposed credentials can enable account compromise and follow-on spam or phishing activity; affected users should upgrade to Gravity SMTP 2.1.5 and rotate any email integration secrets.