CVE-2026-23740

EPSS 0.02%
Veröffentlicht 06.02.2026 16:43:41
Zuletzt bearbeitet 10.02.2026 18:25:39
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sangoma ≫ Certified Asterisk Version13.13.0 Update-

Sangoma ≫ Certified Asterisk Version13.13.0 Updatecert1

Sangoma ≫ Certified Asterisk Version13.13.0 Updatecert1-rc1

Sangoma ≫ Certified Asterisk Version13.13.0 Updatecert1-rc2

Sangoma ≫ Certified Asterisk Version13.13.0 Updatecert1-rc3

Sangoma ≫ Certified Asterisk Version13.13.0 Updatecert1-rc4

Sangoma ≫ Certified Asterisk Version13.13.0 Updatecert2

Sangoma ≫ Certified Asterisk Version13.13.0 Updatecert3

Sangoma ≫ Certified Asterisk Version13.13.0 Updaterc1

Sangoma ≫ Certified Asterisk Version13.13.0 Updaterc2

Sangoma ≫ Certified Asterisk Version16.8 Updatecert1-rc1

Sangoma ≫ Certified Asterisk Version16.8 Updatecert1-rc2

Sangoma ≫ Certified Asterisk Version16.8 Updatecert1-rc3

Sangoma ≫ Certified Asterisk Version16.8 Updatecert1-rc4

Sangoma ≫ Certified Asterisk Version16.8 Updatecert1-rc5

Sangoma ≫ Certified Asterisk Version16.8 Updatecert10

Sangoma ≫ Certified Asterisk Version16.8 Updatecert11

Sangoma ≫ Certified Asterisk Version16.8 Updatecert12

Sangoma ≫ Certified Asterisk Version16.8 Updatecert13

Sangoma ≫ Certified Asterisk Version16.8 Updatecert14

Sangoma ≫ Certified Asterisk Version16.8 Updatecert4-rc1

Sangoma ≫ Certified Asterisk Version16.8 Updatecert4-rc2

Sangoma ≫ Certified Asterisk Version16.8 Updatecert4-rc3

Sangoma ≫ Certified Asterisk Version16.8 Updatecert4-rc4

Sangoma ≫ Certified Asterisk Version16.8.0 Update-

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert1

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert10

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert11

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert12

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert2

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert3

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert4

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert5

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert6

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert7

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert8

Sangoma ≫ Certified Asterisk Version16.8.0 Updatecert9

Sangoma ≫ Certified Asterisk Version18.9 Update-

Sangoma ≫ Certified Asterisk Version18.9 Updatecert1

Sangoma ≫ Certified Asterisk Version18.9 Updatecert1-rc1

Sangoma ≫ Certified Asterisk Version18.9 Updatecert10

Sangoma ≫ Certified Asterisk Version18.9 Updatecert11

Sangoma ≫ Certified Asterisk Version18.9 Updatecert12

Sangoma ≫ Certified Asterisk Version18.9 Updatecert13

Sangoma ≫ Certified Asterisk Version18.9 Updatecert14

Sangoma ≫ Certified Asterisk Version18.9 Updatecert15

Sangoma ≫ Certified Asterisk Version18.9 Updatecert16

Sangoma ≫ Certified Asterisk Version18.9 Updatecert2

Sangoma ≫ Certified Asterisk Version18.9 Updatecert3

Sangoma ≫ Certified Asterisk Version18.9 Updatecert4

Sangoma ≫ Certified Asterisk Version18.9 Updatecert5

Sangoma ≫ Certified Asterisk Version18.9 Updatecert6

Sangoma ≫ Certified Asterisk Version18.9 Updatecert7

Sangoma ≫ Certified Asterisk Version18.9 Updatecert8

Sangoma ≫ Certified Asterisk Version18.9 Updatecert8-rc1

Sangoma ≫ Certified Asterisk Version18.9 Updatecert8-rc2

Sangoma ≫ Certified Asterisk Version18.9 Updatecert9

Sangoma ≫ Certified Asterisk Version20.7 Updatecert1

Sangoma ≫ Certified Asterisk Version20.7 Updatecert1-rc1

Sangoma ≫ Certified Asterisk Version20.7 Updatecert1-rc2

Sangoma ≫ Certified Asterisk Version20.7 Updatecert2

Sangoma ≫ Certified Asterisk Version20.7 Updatecert3

Sangoma ≫ Certified Asterisk Version20.7 Updatecert4

Sangoma ≫ Certified Asterisk Version20.7 Updatecert5

Sangoma ≫ Certified Asterisk Version20.7 Updatecert6

Sangoma ≫ Certified Asterisk Version20.7 Updatecert7

Sangoma ≫ Asterisk Version < 20.18.2

Sangoma ≫ Asterisk Version >= 21.0.0 < 21.12.1

Sangoma ≫ Asterisk Version >= 22.0.0 < 22.8.2

Sangoma ≫ Asterisk Version >= 23.0.0 < 23.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	0	1.8	0	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-23740

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23740

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23740

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23740