Freepbx
This hub aggregates every CVE we track for Freepbx, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 47
- Critical: 6
- High: 21
- In CISA KEV: 3
Severity distribution
- HIGH: 21
- MEDIUM: 18
- CRITICAL: 6
- LOW: 2
Monthly trend
2024-07 to 2026-06, one value per month: 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 2, 1, 1, 4, 0, 1, 4, 0, 4, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Freepbx.
- CVE-2026-44237 | FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module | 8.1
- CVE-2026-44238 | FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports | 8.8
- CVE-2026-44239 | FreePBX: Authenticated Local File Inclusion in Dashboard Module | 8.8
- CVE-2026-46376 | FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface | 9.8
- CVE-2026-28287 | FreePBX: Authenticated Remote Code Execution via Recordings Module AJAX Endpoints | 8.8
- CVE-2026-28284 | FreePBX: Authenticated SQL Injection Vulnerabilities in FreePBX Logfiles Module | 8.8
- CVE-2026-28210 | FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports | 8.8
- CVE-2026-28209 | FreePBX: Command Injection leading to Remote Code Execution in FreePBX ElevenLabs Text-to-Speech integration | 7.2
- CVE-2025-55210 | FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes | 7.5
- CVE-2025-67736 | Authenticated SQL Injection in FreePBX tts (Text To Speech) module | 7.2
- CVE-2025-67722 | Authenticated amportal search for ‘freepbx_engine’ in non root writeable directories leads to potential privilege escalation | 7.8
- CVE-2024-58294 | FreePBX 16 Authenticated Remote Code Execution via API Module | 8.8
- CVE-2025-66039 | FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header | 9.8
- CVE-2025-64328 | FreePBX Administration GUI is Vulnerable to Authenticated Command Injection | KEV | 7.2
- CVE-2025-59429 | FreePBX core module vulnerable to reflected cross-site scripting via Asterisk HTTP Status page | 5.4
Product normalization is registry-driven with AI assist and human review.