
Slican PBX CVE-2026-35089

EUVD-2026-32277 | Severity: HIGH
Use of Weak Credentials (CWE-1391)
Published 2026-05-27 | cvd@cert.pl | GHSA-pch2-h8hc-84fh
CVSS 4.0 base score: 8.7

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: X (not defined)

Lifecycle Timeline (3 events)

  • Analysis Generated: May 27, 2026 - 19:57 (vuln.today)
  • Patch available: May 27, 2026 - 19:46 (EUVD)
  • CVE Published: May 27, 2026 - 14:16 (NVD)

Description (NVD)

In Slican telephone exchanges, the secure key is generated in a predictable manner from properties of the telephone exchange that can be obtained without authentication. An unauthenticated attacker can therefore deduce the secure key and obtain admin credentials.

This issue was fixed in the following versions:

  • IPx series: version 6.61.0040
  • CCT-1668: version 6.56.0430
  • MAC-6400: version 6.56.0430
  • CXS-0424: version 6.30.0510

The issue still exists in End-of-Life telephone exchanges running versions 4.xx and below:

  • CCT-1668 (CCT1CPU)
  • MAC-6400
  • CXS-0424

These products were discontinued in 2011 and 2012 and will not receive updates. They require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact its service department directly to determine the options for upgrading.

Analysis (AI)

Predictable secure-key generation in Slican telephone exchanges (IPx, CCT-1668, MAC-6400, and CXS-0424 series) lets a remote unauthenticated attacker reconstruct the device's secure key from exchange properties that are readable without credentials, then derive administrator credentials. The flaw is network-reachable with low attack complexity and no authentication (CVSS 4.0 base 8.7), and while fixed firmware is available for supported lines, discontinued 4.xx and earlier units remain permanently exposed. …


Remediation (AI)

Within 24 hours: Inventory all Slican telephone exchange models in production and identify any discontinued 4.xx units. Within 7 days: Apply vendor-released firmware patches to all supported product lines (IPx series and later). …
