Skip to main content

Sangoma Switchvox CVE-2026-9587

HIGH
External Control of File Name or Path (CWE-73)
2026-07-17 SRA
7.1
CVSS 4.0 · Vendor: SRA
Share

Severity by source

Vendor (SRA) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable authenticated endpoint (PR:L) with low complexity yields high confidentiality file disclosure only; no integrity or availability impact and no scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (SRA).

CVSS VectorVendor: SRA

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 17, 2026 - 16:46 vuln.today
CVE Published
Jul 17, 2026 - 15:58 cve.org
HIGH 7.1

DescriptionCVE.org

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope.

AnalysisAI

Arbitrary file read in Sangoma Switchvox SMB Edition 8.3 (build 104997) allows an authenticated user to disclose sensitive files anywhere on the appliance filesystem. The play_file functionality trusts the user-controlled sound_path parameter and fails to validate paths, so supplying an absolute path escapes the intended sound directory. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged Switchvox login
Delivery
Reach play_file web endpoint
Exploit
Set sound_path to absolute path
Execution
Server reads file outside sound directory
Impact
Exfiltrate sensitive file contents

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session on Sangoma Switchvox SMB Edition 8.3 (CVSS PR:L confirms a low-privileged account is needed) and network access to the web interface exposing the play_file functionality. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N, base 7.1) is internally consistent with the description: network-reachable, low complexity, requiring low privileges (PR:L, i.e. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with any low-privileged Switchvox account (or one obtained via phishing/credential reuse) sends a crafted request to the play_file functionality setting sound_path to an absolute path such as /etc/passwd or an application configuration file. The server reads and returns the file contents, letting the attacker harvest credentials, keys, or configuration to enable further compromise. …
Remediation Patch available per vendor advisory: apply the fix described in Sangoma's GitHub security advisory GHSA-mhp4-x83p-phh2 (https://github.com/sangoma/security-switchvox/security/advisories/GHSA-mhp4-x83p-phh2); no exact fixed build number is given in the provided data, so confirm the patched version directly with Sangoma before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Switchvox SMB Edition 8.3 instances and disable unnecessary administrator and user accounts to reduce attack surface. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9587 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy