CVSS: 0EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23741 – ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
https://notcve.org/view.php?id=CVE-2026-23741
06 Feb 2026 — Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an... • https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 70EXPL: 0CVE-2026-23740 – Asterisk vulnerable to potential privilege escalation
https://notcve.org/view.php?id=CVE-2026-23740
06 Feb 2026 — Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions ... • https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c • CWE-427: Uncontrolled Search Path Element •
CVSS: 2.0EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23739 – Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
https://notcve.org/view.php?id=CVE-2026-23739
06 Feb 2026 — Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can allow an attack... • https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2026-23738 – The Asterisk embedded web server 's /httpstatus page echos user supplied values(cookie and query string) without sanitization
https://notcve.org/view.php?id=CVE-2026-23738
06 Feb 2026 — Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. • https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-57767 – Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request
https://notcve.org/view.php?id=CVE-2025-57767
28 Aug 2025 — Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attemptin... • https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f • CWE-253: Incorrect Check of Function Return Value •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-54995 – Asterisk remotely exploitable leak of RTP UDP ports and internal resources
https://notcve.org/view.php?id=CVE-2025-54995
28 Aug 2025 — Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17. • https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9 • CWE-400: Uncontrolled Resource Consumption CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-49832 – Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation
https://notcve.org/view.php?id=CVE-2025-49832
01 Aug 2025 — Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3,... • https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-47780 – cli_permissions.conf: deny option does not work for disallowing shell commands
https://notcve.org/view.php?id=CVE-2025-47780
22 May 2025 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expe... • https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-47779 – Using malformed From header can forge identity with ";" or NULL in name portion
https://notcve.org/view.php?id=CVE-2025-47779
22 May 2025 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to c... • https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample • CWE-140: Improper Neutralization of Delimiters CWE-792: Incomplete Filtering of One or More Instances of Special Elements •
CVSS: 5.7EPSS: 1%CPEs: 5EXPL: 0CVE-2024-42491 – A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
https://notcve.org/view.php?id=CVE-2024-42491
05 Sep 2024 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are ... • https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •