CNNVD-202602-2113 Information
CNNVD ID
CNNVD-202602-2113
Related CVE
-
CNNVD Published
2026-02-12
Description
FreePBX (formerly Asterisk Management Portal) is a set of tools from the FreePBX project for configuring Asterisk (an IP telephony system) through a GUI (a web-based graphical interface). Versions of FreePBX prior to 17.0.5 and prior to 16.0.17 contain a security vulnerability that stems from an authorization check flaw in the api module, which may allow an authenticated user to escalate privileges by forging a JWT token.
Vulnerability Type
Other
Affected Vendor
FreePBX
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-gvgh-p7wj-76cf
https://github.com/FreePBX/api/commit/bc6f7d72063cffb18babb6559fa351046d7ad19b
https://github.com/FreePBX/api/commit/c16a3a79b83382fb4884e51174882ed635637002
https://github.com/FreePBX/api/commit/d66786634e7e7d3eedcb4d0931b32c415ba6e9ef
https://access.redhat.com/security/cve/cve-2025-55210
Patch
https://www.freepbx.org/downloads/