Known Vulnerabilities for products from Sangoma
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sangoma".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Sangoma can be found at device.report : Sangoma
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46376 json | FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the ... | Not Provided | 2026-05-29 | 2026-06-01 |
| CVE-2026-45362 json | Not Provided | 2026-05-12 | 2026-05-12 | |
| CVE-2026-44239 json | FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP fi... | Not Provided | 2026-05-29 | 2026-06-01 |
| CVE-2026-44238 json | FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the ... | Not Provided | 2026-05-29 | 2026-06-01 |
| CVE-2026-44237 json | FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently valid... | Not Provided | 2026-05-29 | 2026-06-01 |
| CVE-2023-43336 json | Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control is... | 8.8 - HIGH | 2023-11-02 | 2023-11-09 |
| CVE-2023-26567 json | Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in ... | 8.1 - HIGH | 2023-04-26 | 2023-05-05 |
| CVE-2022-42706 json | An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18... | 4.9 - MEDIUM | 2022-12-05 | 2023-02-24 |
| CVE-2022-42705 json | A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote au... | 6.5 - MEDIUM | 2022-12-05 | 2023-02-24 |
| CVE-2022-37325 json | In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to add... | 7.5 - HIGH | 2022-12-05 | 2023-02-24 |
| CVE-2022-23608 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-22 | 2023-08-30 |
| CVE-2022-21723 json | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols ... | 9.1 - CRITICAL | 2022-01-27 | 2023-08-30 |
| CVE-2021-45461 json | FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote at... | 9.8 - CRITICAL | 2021-12-22 | 2022-01-05 |
| CVE-2021-45310 json | Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an im... | 5.3 - MEDIUM | 2022-02-14 | 2022-07-12 |
| CVE-2021-37706 json | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols ... | 9.8 - CRITICAL | 2021-12-22 | 2023-08-30 |
| CVE-2021-4283 json | A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown func... | 5.4 - MEDIUM | 2022-12-27 | 2023-11-07 |
| CVE-2021-4282 json | A vulnerability was found in FreePBX voicemail. It has been declared as problematic. Affected by this vulnerability is an unk... | 6.1 - MEDIUM | 2022-12-27 | 2023-11-07 |
| CVE-2020-36630 json | A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of t... | 9.8 - CRITICAL | 2022-12-25 | 2023-11-07 |
| CVE-2020-10666 json | The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code ... | 9.8 - CRITICAL | 2021-05-31 | 2022-07-12 |
| CVE-2019-25090 json | A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some ... | 6.1 - MEDIUM | 2022-12-27 | 2023-11-07 |
Known software with vulnerabilities from Sangoma
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sangoma | Asterisk | 16.10.0 |
| Application | Sangoma | Freepbx | 10.13.66 |
| Hardware | Sangoma | Session Border Controller | - |
| Operating System | Sangoma | Session Border Controller Firmware | 2.2.1-18-ga |
| Application | Sangoma | Superfecta | 13.0.1 |