CVE-2019-19006
Sangoma FreePBX Improper Authentication Vulnerability
CVSS
—
Sin CVSS
EPSS
36.6%
p98
KEV
SÍ
3 feb 2026
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Sangoma / FreePBX
Vulnerabilidad
Sangoma FreePBX Improper Authentication Vulnerability
Añadido a KEV
3 feb 2026
Remediar antes de
24 feb 2026
Uso conocido en ransomware
No
Descripción resumida
Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://wiki.freepbx.org/display/FOP/2019-11-20%2BRemote%2BAdmin%2BAuthentication%2BBypass ; https://nvd.nist.gov/vuln/detail/CVE-2019-19006