Vulnerability in Asterisk
CVE-2026-23741
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 o…
EPSS: 0.002 (7.0th percentile)
Affected products
- Asterisk — versions < 23.2.2, < 22.8.2, < 21.12.1
- Sangoma Asterisk
- Sangoma Certified_asterisk — versions 20.7
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)