PT-2026-31443 · Kamailio · Kamailio

Published: 2026-04-08 · Updated: 2026-04-08 · CVE-2026-39864

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Kamailio versions prior to 6.0.5 and 5.8.7

Description

Kamailio, an open source SIP Signaling Server, contains a flaw in the auth module. A specially crafted SIP packet can trigger an out-of-bounds read, leading to a denial of service (process crash) if a successful user authentication occurs without a database backend, followed by further user identity checks.

Recommendations

Update to version 6.0.5 or 5.8.7

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-39864

Affected Products

Kamailio