PT-2026-42119 · Freepbx · Freepbx
S0Nnywt
·
Published
2026-05-20
·
Updated
2026-06-01
·
CVE-2026-46376
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FreePBX (affected versions not specified)
Description
Hardcoded credentials in the Userman module allow unauthenticated access to the portal, potentially exposing business phone systems.
Recommendations
Update the installed modules to the latest version.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freepbx