Skip to main content

Eleveo Call Recording CVE-2026-15474

| EUVDEUVD-2026-43196 LOW
Improper Authorization (CWE-285)
2026-07-12 VulDB GHSA-7vp6-798p-p545
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.3 MEDIUM

Network-accessible IDOR requiring only authenticated session; impact is read-only access to call recordings with no integrity, availability, or scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 12, 2026 - 03:22 NVD
MEDIUM LOW
CVSS changed
Jul 12, 2026 - 03:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 12, 2026 - 02:43 vuln.today

DescriptionCVE.org

A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of the argument callId results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Improper authorization in Eleveo Call Recording Software 9.7.0 enables remote authenticated attackers to access call recordings they are not permitted to view by manipulating the callId parameter in the /callrec/audio.jsp endpoint. The flaw follows a classic Insecure Direct Object Reference (IDOR) pattern under CWE-285, where the application fails to enforce per-user ownership checks on recording identifiers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid low-privilege credentials
Delivery
Authenticate to Call Recording web UI
Exploit
Identify or enumerate callId values
Execution
Send crafted request to /callrec/audio.jsp with out-of-scope callId
Impact
Receive and exfiltrate unauthorized call recording audio

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated session to the Eleveo Call Recording Software web interface (PR:L per CVSS 4.0 vector) - unauthenticated exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) reflects a medium-severity, low-complexity network-exploitable flaw requiring only a low-privilege authenticated session. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a valid low-privilege account on an Eleveo 9.7.0 deployment sends crafted HTTP GET requests to `/callrec/audio.jsp?callId=<enumerated_value>`, iterating through sequential or predictable call identifiers. Because no server-side ownership check is enforced, the server returns audio recordings belonging to other users or restricted lines. …
Remediation No vendor-released patch has been identified at time of analysis - the vendor did not respond to the responsible disclosure, leaving no official fix version to recommend. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15474 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy