
Slican PBX CVE-2026-35087

EUVD-2026-32276 | CRITICAL
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2026-05-27 | cvd@cert.pl | GHSA-74x7-73gr-c646
CVSS 4.0 base score: 9.3

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: X

Lifecycle Timeline

  • Patch available: May 27, 2026 - 19:46 (EUVD)
  • Analysis Generated: May 27, 2026 - 19:43 (vuln.today)
  • CVE Published: May 27, 2026 - 14:16 (nvd)

Description (NVD)

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.

This issue was fixed in the following versions:

  • NCP: version 1.24.0250
  • IPx series: version 6.61.0040
  • CCT-1668: version 6.56.0430
  • MAC-6400: version 6.56.0430
  • CXS-0424: version 6.30.0510

The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:

  • CCT-1668 (CCT1CPU)
  • MAC-6400
  • CXS-0424

These products were discontinued in 2011 and 2012 and will not receive updates. They require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact their service department directly to determine the options for upgrading.

Analysis (AI)

Authentication bypass in Slican telephone exchanges (NCP, IPx, CCT-1668, MAC-6400, and CXS-0424 PBX systems) lets a remote attacker skip credential entry on the administrative protocol simply by issuing a specific command, granting full administrative control of the exchange. The flaw was reported by CERT Polska (cert.pl) and carries a CVSS 4.0 base score of 9.3. No public exploit had been identified at the time of analysis; the high score reflects unauthenticated, network-reachable access with full confidentiality, integrity, and availability impact. …


Remediation (AI)

Within 24 hours: Identify and audit all Slican PBX systems in production by model and current firmware version; restrict network access to administrative interfaces. Within 7 days: For current-model systems, contact Slican to obtain fixed firmware; validate and apply in test environment before production deployment. …
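A small triage helper for the audit step above, added here as an example and not vendor tooling: it classifies each inventoried Slican PBX as patched, vulnerable, or end-of-life hardware needing replacement. The fixed versions and the "4.xx and below" end-of-life rule come from the advisory text; the hostnames and firmware strings in the inventory are constructed sample data.

```python
"""Firmware triage for CVE-2026-35087 (Slican PBX) - added example."""

# Model -> first fixed firmware version, taken from the advisory.
FIXED_VERSIONS = {
    "NCP": "1.24.0250",
    "IPx": "6.61.0040",
    "CCT-1668": "6.56.0430",
    "MAC-6400": "6.56.0430",
    "CXS-0424": "6.30.0510",
}

# Discontinued lines on which 4.xx firmware cannot be updated in software.
EOL_MODELS = {"CCT-1668", "MAC-6400", "CXS-0424"}


def parse_version(v):
    """Split a dotted version into integers so comparison is numeric:
    a plain string compare would rank '1.9.0100' above '1.24.0250'."""
    return tuple(int(part) for part in v.strip().split("."))


def triage(model, firmware):
    """Return one of: 'unknown-model', 'eol-hardware-upgrade',
    'vulnerable', 'patched'."""
    if model not in FIXED_VERSIONS:
        return "unknown-model"
    ver = parse_version(firmware)
    # 4.xx and below on the discontinued lines: no firmware fix will ship,
    # so the device needs a hardware upgrade (or isolation) instead.
    if model in EOL_MODELS and ver[0] <= 4:
        return "eol-hardware-upgrade"
    if ver < parse_version(FIXED_VERSIONS[model]):
        return "vulnerable"
    return "patched"


def triage_inventory(rows):
    """Map hostname -> status for (hostname, model, firmware) rows."""
    return {host: triage(model, fw) for host, model, fw in rows}


# Constructed sample inventory (hostname, model, firmware).
SAMPLE_INVENTORY = [
    ("pbx-hq", "NCP", "1.24.0250"),
    ("pbx-branch1", "IPx", "6.60.1200"),
    ("pbx-legacy", "CCT-1668", "4.12.0010"),
    ("pbx-warehouse", "MAC-6400", "6.56.0430"),
    ("pbx-old-lab", "CXS-0424", "6.30.0509"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices reported as "vulnerable" or "eol-hardware-upgrade" are the ones whose administrative interface should be network-restricted first.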



CVE-2026-35087 vulnerability details – vuln.today
