Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded.
AnalysisAI
Use-after-free in TeamSpeak 3 Server versions 3.13.0 through 3.13.7 allows a low-privileged remote attacker to corrupt server memory via the process_resend_queue function within Connection State Management, resulting in limited integrity and availability impact. Discovered and disclosed by modzero.com (advisory MZ-26-01) and acknowledged by TeamSpeak via official security advisory TS-SA-2026-001, the vendor has released version 3.13.8 as the fix. No public exploit code exists and no active exploitation has been identified at time of analysis.
Technical ContextAI
The vulnerability resides in the process_resend_queue function of TeamSpeak 3 Server's Connection State Management subsystem - a component responsible for handling connection lifecycle and retransmission logic. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), with reporter tags further specifying a use-after-free condition, a subclass where code references a memory region after it has been deallocated. This can lead to heap corruption, potentially enabling controlled data manipulation or process crashes. The affected product covers the full TeamSpeak 3 Server 3.13.x line (3.13.0-3.13.7) as confirmed by ENISA EUVD-2026-32580. The independent security firm modzero.com identified and responsibly disclosed the issue; additional technical details are available in advisory MZ-26-01 at https://modzero.com/en/advisories/mz-26-01-teamspeak/.
RemediationAI
The primary and recommended fix is upgrading TeamSpeak 3 Server to version 3.13.8, which is confirmed by the vendor as resolving this vulnerability. The latest server binaries are available at https://www.teamspeak.com/en/downloads/#server, and the vendor's security advisory TS-SA-2026-001 at https://files.teamspeak-services.com/docs/security/TS-SA-2026-001.html provides authoritative patch confirmation. If immediate upgrading is not operationally feasible, administrators should restrict server access to a minimum set of trusted authenticated users and apply network-level firewall or VPN rules to limit which client IPs can establish connections, reducing the pool of potential attackers who could trigger the vulnerable code path - note this trade-off reduces service accessibility. No official vendor-documented workarounds short of patching have been identified in the available references.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32580
GHSA-cr8m-87qj-3732