CVE-2026-39864

| EUVD-2026-20617 MEDIUM
2026-04-08 [email protected]
4.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 20:23 euvd
EUVD-2026-20617
Analysis Generated
Apr 08, 2026 - 20:23 vuln.today
CVE Published
Apr 08, 2026 - 20:16 nvd
MEDIUM 4.4

Tags

Information Disclosure Buffer Overflow Denial Of Service

Description

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet if a successful user authentication without a database backend is followed by additional user identity checks. This vulnerability is fixed in 6.0.5 and 5.8.7.

Analysis

Kamailio versions prior to 6.0.5 and 5.8.7 contain an out-of-bounds read in the auth module that allows remote attackers with high privileges to trigger a denial of service via a specially crafted SIP packet when successful user authentication without a database backend is followed by additional identity checks. The vulnerability requires high privilege level and high attack complexity but can reliably crash the Kamailio process, impacting SIP service availability.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

22
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +22
POC: 0

Share

CVE-2026-39864 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy