CVE-2026-23740

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-23740
CVSS

No CVSS.

A

sterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

References
Link Resource
https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sangoma:certified_asterisk:13.13.0:-:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert10:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert11:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert12:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert13:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert14:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:-:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert16:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert6:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert7:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
History

10 Feb 2026, 18:25

Type Values Removed Values Added
References () https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c - () https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c - Vendor Advisory
CPE cpe:2.3:a:sangoma:certified_asterisk:13.13.0:-:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert13:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert11:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert10:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert6:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert7:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert16:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert14:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:20.7:cert5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8:cert12:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:-:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*
First Time Sangoma
Sangoma certified Asterisk
Sangoma asterisk

06 Feb 2026, 17:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-06 17:16

Updated : 2026-02-10 18:25

NVD link : CVE-2026-23740

Mitre link : CVE-2026-23740

CVE.ORG link : CVE-2026-23740

JSON object : View

Products Affected

sangoma

CWE
CWE-427

Uncontrolled Search Path Element