sangoma

Top products

The 15 most recently published vulnerabilities affecting sangoma.

• CVE-2026-44237FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module8.1May 29, 2026
• CVE-2026-44238FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports8.8May 29, 2026
• CVE-2026-44239FreePBX: Authenticated Local File Inclusion in Dashboard Module8.8May 29, 2026
• CVE-2026-46376FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface9.8May 29, 2026
• CVE-2026-45362Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.3.2May 12, 2026
• CVE-2026-28287FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints8.8Mar 5, 2026
• CVE-2026-28284FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module8.8Mar 5, 2026
• CVE-2026-28210FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports8.8Mar 5, 2026
• CVE-2026-28209FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integration7.2Mar 5, 2026
• CVE-2025-55210FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes7.5Feb 12, 2026
• CVE-2026-23739Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection2.0Feb 6, 2026
• CVE-2026-23738The Asterisk embedded web server 's /httpstatus page echos user supplied values(cookie and query string) without sanitization3.5Feb 6, 2026
• CVE-2025-67736Authenticated SQL Injection in FreePBX tts (Text To Speech) module7.2Dec 16, 2025
• CVE-2025-67722Authenticated amportal search for ‘freepbx_engine’ in non root writeable directories leads to potential privilege escalation7.8Dec 16, 2025
• CVE-2024-58294FreePBX 16 Authenticated Remote Code Execution via API Module8.8Dec 11, 2025