PT-2026-42119 · Freepbx · Freepbx

S0Nnywt

·

Published

2026-05-20

·

Updated

2026-06-01

·

CVE-2026-46376

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions FreePBX (affected versions not specified)
Description Hardcoded credentials in the Userman module allow unauthenticated access to the portal, potentially exposing business phone systems.
Recommendations Update the installed modules to the latest version.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-46376
GHSA-M55X-H47X-V3GX

Affected Products

Freepbx