Skip to main content

Frogman CVE-2026-46515

| EUVDEUVD-2026-45002 CRITICAL
Missing Authorization (CWE-862)
2026-07-16 GitHub_M
9.3
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.6 CRITICAL

Network-reachable API needing only a low-privilege read token (PR:L, AC:L); leaked host/trunk secrets and arbitrary saved-query execution cross into the Asterisk backend (S:C, C:H/I:H), with no availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Jul 16, 2026 - 20:48 EUVD
Source Code Evidence Fetched
Jul 16, 2026 - 18:49 vuln.today
Analysis Generated
Jul 16, 2026 - 18:49 vuln.today
CVE Published
Jul 16, 2026 - 18:17 cve.org
CRITICAL 9.3

DescriptionCVE.org

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.3, PERM_READ access was sufficient to call fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query, and fm_diagnose_trunk, exposing AMI manager secrets, outbound dial PINs, full Asterisk dialplan context, root SSH connection commands, backup artifact paths, CDR history, arbitrary saved GraphQL query execution, and raw AMI endpoint dumps containing SIP fields such as password, md5_cred, and oauth_secret. This issue is fixed in version 1.6.3.

AnalysisAI

Missing authorization in Frogman, a headless Asterisk PBX control layer exposed over MCP and an HTTP API, lets any low-privilege PERM_READ caller invoke eight administrative tools (fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query, fm_diagnose_trunk) that should require admin, leaking AMI manager secrets, outbound dial PINs, full dialplan context, root SSH connection commands, backup artifact paths, CDR history, and raw AMI endpoint dumps containing SIP password/md5_cred/oauth_secret fields, plus executing arbitrary saved GraphQL queries. All releases prior to 1.6.3 are affected, tracked under GHSA-q4c4-5cr4-8q47 with a CVSS 4.0 score of 9.3. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege PERM_READ token
Delivery
Reach Frogman MCP/HTTP API over network
Exploit
Call read-tier admin tools (fm_diagnose_trunk, fm_list_managers)
Execution
Harvest AMI secrets, SIP creds, PINs, SSH commands
Impact
Pivot to Asterisk host or commit toll fraud

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold a valid low-privilege PERM_READ credential/token for the Frogman MCP or HTTP API (PR:L) plus network reachability to that API (AV:N); no user interaction and no admin rights are needed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N) describes a remotely reachable, low-complexity flaw requiring only low-privilege authentication, with high confidentiality and integrity impact on both the vulnerable system (VC:H/VI:H) and subsequent systems (SC:H/SI:H) - the latter reflecting that leaked AMI secrets, root SSH commands, and PINs enable pivoting into the underlying Asterisk host and telephony trunk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who obtains any low-privilege PERM_READ token - for example a shared read-only automation credential or a compromised MCP client - calls fm_diagnose_trunk and fm_list_managers over the network and receives AMI manager secrets and raw SIP credentials (password, md5_cred, oauth_secret) in the response. With low attack complexity and no user interaction, they then use fm_show_context and fm_list_pinsets to harvest the dialplan and outbound PINs, and fm_run_saved_query to execute stored GraphQL queries, enabling toll fraud or lateral movement into the Asterisk host via disclosed root SSH commands. …
Remediation Vendor-released patch: upgrade to Frogman 1.6.3, which reassigns the affected tools (notably fm_diagnose_trunk) to PERM_ADMIN and adds line-level redaction of SIP credential fields in pjsip endpoint/registration dumps before they reach responses or the audit log; follow GHSA-q4c4-5cr4-8q47 (https://github.com/mwtcmi/frogman/security/advisories/GHSA-q4c4-5cr4-8q47). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, audit Frogman deployment locations and access logs for exploitation attempts; within 7 days, upgrade all instances to Frogman 1.6.3 or later; within 30 days, rotate all AMI manager credentials, SIP passwords, SSH keys, and OAuth secrets, and conduct forensic analysis of administrative tool invocations during the vulnerability window.

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-46515 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy