Known Vulnerabilities for Freepbx by Sangoma
Listed below are 10 of the newest known vulnerabilities associated with "Freepbx" by "Sangoma".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46376 | FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the ... | Not Provided | 2026-05-29 | 2026-05-29 |
| CVE-2026-44239 | FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP fi... | Not Provided | 2026-05-29 | 2026-05-30 |
| CVE-2026-44238 | FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the ... | Not Provided | 2026-05-29 | 2026-05-30 |
| CVE-2026-44237 | FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently valid... | Not Provided | 2026-05-29 | 2026-05-30 |
| CVE-2026-40520 | FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-26978 | FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data dur... | Not Provided | 2026-05-18 | 2026-05-18 |
| CVE-2023-43336 | Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control is... | 8.8 - HIGH | 2023-11-02 | 2023-11-09 |
| CVE-2021-45461 | FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote at... | 9.8 - CRITICAL | 2021-12-22 | 2022-01-05 |
| CVE-2020-36630 | A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of t... | 9.8 - CRITICAL | 2022-12-25 | 2023-11-07 |
| CVE-2020-10666 | The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code ... | 9.8 - CRITICAL | 2021-05-31 | 2022-07-12 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sangoma | Freepbx | 2.9.0 | | | |