What is CVE-2026-39864?

CVE-2026-39864 is a medium-severity vulnerability in Kamailio, classified under Out-of-bounds Read. CVSS score: 4.4/10. Published 2026-04-08.

How severe is CVE-2026-39864?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Out-of-bounds Read in Kamailio

CVE-2026-39864

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process cr…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (46.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H.

Affected products

Kamailio — versions < 5.8.7, >= 6.0.0, < 6.0.5

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

https://github.com/kamailio/kamailio/security/advisories/GHSA-6m86-m342-g48m (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-39864?: CVE-2026-39864 is a medium-severity vulnerability in Kamailio, classified under Out-of-bounds Read. CVSS score: 4.4/10. Published 2026-04-08.
How severe is CVE-2026-39864?: Medium severity. CVSS v3 base score is 4.4 out of 10.