CVE-2026-0754
Lifecycle Timeline
2DescriptionCVE.org
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.
Analysis
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.
Technical ContextAI
Classified as CWE-321 (Use of Hard-coded Cryptographic Key). An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.
Affected ProductsAI
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certifica
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-321 – Use of Hard-coded Cryptographic Key
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today