anonhaven
Ad

CVE-2026-28209

HIGH CVSS 4.0: 7.5 EPSS 0.16%
Updated Mar 06, 2026
Sangoma
Parameter Value
CVSS 7.5 (HIGH)
Affected Versions 16.0.17.2 — 17.0.5
Fixed In 16.0.20
Type CWE-78 (OS Command Injection)
Vendor Sangoma
Public PoC No

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-78 OS Command Injection

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Sangoma Freepbx
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
 16.0.17.2 16.0.20
Sangoma Freepbx
cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*
 17.0.2.4 17.0.5

References 1

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-f558-mp8…
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28287

Sangoma

8.6

CVE-2026-28284

Sangoma

8.6

CVE-2026-28210

Sangoma

8.6

CVE-2024-57520

Sangoma

9.8