Is CVE-2026-4020 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-4020 is not currently listed in the CISA KEV catalog.

Which frameworks does CVE-2026-4020 affect?

CVE-2026-4020 affects WordPress.

Vulnerability intelligence

CVE-2026-4020

CVE-2026-4020 in Gravity SMTP exposes a REST endpoint that dumps 365KB of live credentials — Amazon SES, Google, Mailjet, Zoho OAuth tokens. Patched in March. Mass exploitation started in June. 17M+ attempts blocked.

WordPress 2026

What WebPulse reported · 2 analyses

A Permission Callback That Returns True. 100,000 WordPress Sites Leaked Live API Keys. 17 Million Attacks Followed.

CVE-2026-4020 in Gravity SMTP exposes a REST endpoint that dumps 365KB of live credentials — Amazon SES, Google, Mailjet, Zoho OAuth tokens. Patched in March. M

June 26, 2026

Gravity SMTP: One WordPress Plugin, 17 Million Exploit Attempts

CVE-2026-4020 exposes an unauthenticated REST API endpoint in Gravity SMTP that leaks email API keys for Amazon SES, Google, Mailjet, and Zoho. 100,000 sites af

June 22, 2026

View CVE-2026-4020 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-8206 CVE-2026-8181 CVE-2026-3844 CVE-2026-10795 CVE-2026-1293 CVE-2026-8732 CVE-2026-4798 CVE-2026-3300