CVE-2026-23740

Severity: HIGH | CVSS 7.8/10 | EPSS 0.11%

CVE-2026-23740 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission to that directory (which on a Linux system is every local user) can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. EPSS estimates a 0.11% chance of exploitation in the next 30 days.

Description

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission to that directory (which on a Linux system is every local user) can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
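The hardening the description implies, written as an added example for this page (it is not Asterisk's ast_coredumper code, and the function names are hypothetical): refuse a working directory that other users can write to, create a fresh 0700 directory with mktemp -d instead of using fixed names under /tmp, and create the gdb init file so that a pre-existing entry is never followed. Assumes GNU coreutils stat and mktemp on Linux.

```shell
#!/bin/sh
# Added example for this page, not Asterisk's ast_coredumper code. Function
# names are hypothetical. Assumes GNU coreutils (stat -c, mktemp) and that the
# caller runs as root, which is the situation the advisory describes.

# Succeed only if DIR is a real directory (not a symlink), owned by the caller
# and not writable by group or others. A world-writable directory such as /tmp
# fails even with the sticky bit set, since any local user can pre-create
# entries at the predictable names a root-run script would use.
dir_is_private() {
    d=$1
    [ ! -L "$d" ] && [ -d "$d" ] || return 1
    [ "$(stat -c '%u' "$d")" = "$(id -u)" ] || return 1
    m=$(printf '%04d' "$(stat -c '%a' "$d")")
    case $m in
        *[2367][0-7]|*[0-7][2367]) return 1 ;;   # group or other write bit set
    esac
    return 0
}

# Create a fresh, randomly named 0700 directory for the gdb init and output
# files. mkdir-based creation fails on an existing entry, so a pre-placed
# symlink cannot be followed; the result is verified before it is trusted.
make_private_workdir() {
    parent=${1:-${TMPDIR:-/tmp}}
    w=$(mktemp -d "$parent/coredump.XXXXXX") || return 1
    dir_is_private "$w" || { rmdir "$w"; return 1; }
    printf '%s\n' "$w"
}

# Write the gdb init file inside a verified private directory. set -C
# (noclobber) makes the creating redirection fail instead of truncating or
# following a file that already exists at that path.
write_gdb_init() {
    w=$1
    dir_is_private "$w" || return 1
    f="$w/gdbinit"
    ( set -C; : > "$f" ) 2>/dev/null || return 1
    printf 'set pagination off\n' >> "$f"   # hypothetical gdb commands
    printf '%s\n' "$f"
}
```

Each function prints the path it produced on success and returns non-zero on any check failure, so a calling script can abort rather than fall back to an unsafe location.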

Metrics

CVSS 3.1: 7.8/10
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS probability: 0.11% (1.6th percentile), the estimated probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  | Product            | Versions
Sangoma | Certified Asterisk | 13.13.0
Sangoma | Certified Asterisk | 16.8Cert1-Rc1
Sangoma | Certified Asterisk | 16.8.0
Sangoma | Certified Asterisk | 18.9
Sangoma | Certified Asterisk | 20.7Cert1
Sangoma | Asterisk           | < 20.18.2
Sangoma | Asterisk           | >= 21.0.0, < 21.12.1
Sangoma | Asterisk           | >= 22.0.0, < 22.8.2
Sangoma | Asterisk           | >= 23.0.0, < 23.2.2

References

Frequently Asked Questions

What is CVE-2026-23740?
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission to that directory (which on a Linux system is every local user) can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
How severe is CVE-2026-23740?
CVE-2026-23740 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.11% probability of exploitation in the next 30 days.
How do I fix CVE-2026-23740?
Upgrade to a patched release: 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, or 23.2.2, as listed in the description above. Check the vendor references and advisories for further mitigation guidance. You can also run a Strix scan to test whether your systems are affected.

Source: NVD / NIST