PT-2026-23489 · Elevenlabs+1 · Elevenlabs Text-To-Speech+1

H00Die-Gr3Y

Publicado

2026-03-05

Atualizado

2026-03-06

CVE-2026-28209

CVSS v4.0

7.5

Alta

Vetor

AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions FreePBX versions 16.0.17.2 through 16.0.20 FreePBX versions 17.0.2.4 through 17.0.5

Description FreePBX, an open source IP PBX, contains a command injection issue within the recordings module when utilizing the ElevenLabs Text-to-Speech (TTS) engine. The issue allows for potential unauthorized command execution.

Recommendations Update to FreePBX version 16.0.20 or later. Update to FreePBX version 17.0.5 or later.

Exploit

Correção

RCE

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2026-28209

GHSA-F558-MP87-58VJ

Produtos afetados

Elevenlabs Text-To-Speech

Freepbx

PT-2026-23489 · Elevenlabs+1 · Elevenlabs Text-To-Speech+1

CVE-2026-28209

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8