Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability affects unknown code of the component ECC Key Parser. Such manipulation leads to heap-based buffer overflow. The attack may be launched remotely. Upgrading to version 3.13.8 is able to resolve this issue. It is suggested to upgrade the affected component.
AnalysisAI
Heap-based buffer overflow in TeamSpeak 3 Server's ECC Key Parser allows remote unauthenticated attackers to crash the server, causing a denial of service against all versions up to and including 3.13.7. The vulnerability was discovered and disclosed by modzero security research (advisory mz-26-01-teamspeak) with a coordinated vendor response resulting in TeamSpeak security advisory TS-SA-2026-001. A proof-of-concept exploit exists per SSVC data, and the attack is automatable, meaning exploitation can be scripted at scale against exposed TeamSpeak server instances. No public exploit identified as confirmed actively exploited in the wild (not listed in CISA KEV at time of analysis).
Technical ContextAI
The vulnerability resides in the ECC (Elliptic Curve Cryptography) Key Parser component of the TeamSpeak 3 Server daemon. CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) covers the root cause: a heap-based buffer overflow triggered by a malformed or adversarially crafted ECC key input. ECC key parsing typically occurs during connection establishment or cryptographic handshake processing, meaning the vulnerable code path is reachable without authentication. Heap overflows in parsers of this nature can overwrite adjacent heap metadata or function pointers; in this case, the CVSS 4.0 impact metrics (VC:N/VI:N/VA:L) indicate the primary exploitable consequence observed is availability degradation (server crash/DoS) rather than confirmed arbitrary code execution, though heap corruption primitives in general may carry latent exploitation potential depending on heap layout. Affected versions span TeamSpeak 3 Server 3.13.0 through 3.13.7.
RemediationAI
The primary fix is upgrading TeamSpeak 3 Server to version 3.13.8, which resolves the heap buffer overflow in the ECC Key Parser. Patched binaries are available from the official TeamSpeak download page (https://www.teamspeak.com/en/downloads/#server); reference vendor advisory TS-SA-2026-001 (https://files.teamspeak-services.com/docs/security/TS-SA-2026-001.html) for upgrade guidance. If immediate patching is not feasible, a compensating control is to restrict access to the TeamSpeak server's listening port (default UDP 9987 for voice, TCP 10011 for ServerQuery, TCP 30033 for file transfer) to trusted IP ranges using firewall rules - this directly prevents remote exploitation by untrusted hosts but does not eliminate the vulnerability and may impact legitimate users. An additional short-term measure is to place the server behind a network-layer firewall that blocks unsolicited inbound connections, reducing the automated exploitation risk flagged by SSVC. Neither workaround substitutes for patching, as they only reduce exposure surface.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32585
GHSA-h574-9fvh-93j7