PT-2026-23489 · Elevenlabs+1 · Elevenlabs Text-To-Speech+1
H00Die-Gr3Y
·
Published
2026-03-05
·
Updated
2026-03-06
·
CVE-2026-28209
CVSS v4.0
7.5
High
| Vector | AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
FreePBX versions 16.0.17.2 through 16.0.20
FreePBX versions 17.0.2.4 through 17.0.5
Description
FreePBX, an open source IP PBX, contains a command injection issue within the recordings module when utilizing the ElevenLabs Text-to-Speech (TTS) engine. The issue allows for potential unauthorized command execution.
Recommendations
Update to FreePBX version 16.0.20 or later.
Update to FreePBX version 17.0.5 or later.
Exploit
Fix
RCE
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Elevenlabs Text-To-Speech
Freepbx