freepbx

Top products

The 15 most recently published vulnerabilities affecting freepbx.

• CVE-2026-44237FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module8.1May 29, 2026
• CVE-2026-44238FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports8.8May 29, 2026
• CVE-2026-44239FreePBX: Authenticated Local File Inclusion in Dashboard Module8.8May 29, 2026
• CVE-2026-46376FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface9.8May 29, 2026
• CVE-2026-40520FreePBX api module Command Injection via GraphQL7.2Apr 21, 2026
• CVE-2026-28287FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints8.8Mar 5, 2026
• CVE-2026-28284FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module8.8Mar 5, 2026
• CVE-2026-28210FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports8.8Mar 5, 2026
• CVE-2026-28209FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integration7.2Mar 5, 2026
• CVE-2025-55210FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes7.5Feb 12, 2026
• CVE-2025-67736Authenticated SQL Injection in FreePBX tts (Text To Speech) module7.2Dec 16, 2025
• CVE-2025-67722Authenticated amportal search for ‘freepbx_engine’ in non root writeable directories leads to potential privilege escalation7.8Dec 16, 2025
• CVE-2024-58294FreePBX 16 Authenticated Remote Code Execution via API Module8.8Dec 11, 2025
• CVE-2025-66039FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header9.8Dec 9, 2025
• CVE-2025-64328FreePBX Administration GUI is Vulnerable to Authenticated Command InjectionKEV7.2Nov 7, 2025