Freepbx Security-reporting
9 CVEs affecting Freepbx Security-reporting. Latest disclosed: 2026-05-29. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-46376 | Critical | 9.8 | 2026-05-29 | FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using har… |
| CVE-2026-44239 | High | 8.8 | 2026-05-29 | FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input w… |
| CVE-2026-44238 | High | 8.8 | 2026-05-29 | FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Au… |
| CVE-2026-44237 | High | 8.1 | 2026-05-29 | FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during toke… |
| CVE-2026-26978 | | | 2026-05-18 | FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentiall… |
| CVE-2026-28287 | | | 2026-03-05 | FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, multiple command injection vulnerabilit… |
| CVE-2026-28284 | | | 2026-03-05 | FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilitie… |
| CVE-2026-28210 | | | 2026-03-05 | FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue… |
| CVE-2026-28209 | | | 2026-03-05 | FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exist… |