Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 17 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope. | |
| Title | Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal | |
| Weaknesses | CWE-73 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: SRA
Published:
Updated: 2026-07-17T16:42:37.099Z
Reserved: 2026-05-26T13:03:31.955Z
Link: CVE-2026-9587
Updated: 2026-07-17T16:42:32.375Z
No data.
No data.
OpenCVE Enrichment
No data.