Skip to main content

TeamSpeak 3 Server EUVDEUVD-2026-32592

| CVE-2026-4392 MEDIUM
Reachable Assertion (CWE-617)
2026-05-27 cna@vuldb.com GHSA-jfq9-pq7p-655w
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 21:04 vuln.today

DescriptionCVE.org

A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown processing of the component clientek Handshake Handler. Performing a manipulation of the argument proof results in reachable assertion. Remote exploitation of the attack is possible. Upgrading to version 3.13.8 is capable of addressing this issue. Upgrading the affected component is recommended.

AnalysisAI

Reachable assertion in TeamSpeak 3 Server's client handshake handler allows remote unauthenticated attackers to crash the server by manipulating the 'proof' argument during connection setup, resulting in a denial of service. All versions from 3.13.0 through 3.13.7 are affected; the issue was independently researched by modzero and disclosed via TeamSpeak security advisory TS-SA-2026-001. No public exploit or CISA KEV listing exists at time of analysis, but the low-complexity, no-privileges-required attack surface makes this straightforward to trigger remotely.

Technical ContextAI

TeamSpeak 3 Server implements a proprietary client-server protocol with a handshake phase during connection establishment. The vulnerable component is the client handshake handler ('clientek Handshake Handler'), specifically the processing of a 'proof' argument exchanged during the handshake. CWE-617 (Reachable Assertion) indicates that an assert() or equivalent defensive check within the handshake parsing code can be triggered by supplying unexpected or malformed input for the 'proof' field, causing the server process to abort rather than gracefully reject the connection. This is a logic/defensive-programming flaw rather than a memory safety issue - the assertion was likely intended as an internal invariant check but is reachable via externally controlled input. Affected CPE covers TeamSpeak 3 Server versions 3.13.0 through 3.13.7 on all supported platforms.

RemediationAI

Upgrade to TeamSpeak 3 Server version 3.13.8, which resolves this vulnerability per the vendor advisory at https://files.teamspeak-services.com/docs/security/TS-SA-2026-001.html. The patched release is available at https://www.teamspeak.com/en/downloads/#server. If immediate patching is not possible, consider restricting access to the TeamSpeak server port (default UDP 9987) to trusted IP ranges using firewall rules - this limits the remote attack surface but will prevent legitimate users from connecting from outside those ranges. There is no documented workaround that disables only the vulnerable handshake proof processing without also blocking client connections entirely. Given the DoS-only impact and availability of a vendor patch, upgrading to 3.13.8 is the recommended and sufficient remediation.

Share

EUVD-2026-32592 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy