CVE-2026-23740
published 2026-02-06


Priority: P3 44
Severity: high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.11% (1.6th percentile)
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a world-writable directory (for example /tmp), any user with write permission to that directory (on a typical Linux system, every local user) can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and the output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
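The precondition in the description is file placement: a root-run gdb reads an init file from, and writes output to, a directory that every local user can write to. The following POSIX shell helpers are an added illustration of the check and the safe pattern a practitioner would apply; they are not Asterisk's ast_coredumper and not its patch. They refuse a world-writable base directory, create a fresh 0700 work directory with mktemp -d, and verify that an init file is a regular, non-symlink file owned by the invoking user and not writable by others before gdb is pointed at it. The function names, the base-directory argument and the file name used in the demo are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration for CVE-2026-23740. NOT Asterisk's ast_coredumper and
# NOT its fix: it shows the precondition check (world-writable directory)
# and a safe placement pattern for files a root-run gdb reads or writes.
# Function names and the base-directory argument are assumptions.

# Returns 0 when DIR grants write permission to "other", the condition the
# advisory describes for /tmp. Uses GNU stat: the last octal digit of %a is
# the "other" permission bits, and bit value 2 is write.
dir_is_world_writable() {
    dir=$1
    [ -d "$dir" ] || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    [ $(( (mode % 10) & 2 )) -ne 0 ]
}

# Safe pattern: refuse a world-writable base, then let mktemp -d create a
# fresh 0700 directory with an unpredictable name. The directory is created
# atomically by this process, so no other local user can pre-create or
# symlink the gdb init file or the output paths placed inside it.
make_private_workdir() {
    base=$1
    if dir_is_world_writable "$base"; then
        echo "refusing world-writable base directory: $base" >&2
        return 1
    fi
    (umask 077 && mktemp -d "$base/coredumper.XXXXXX") || return 1
}

# Before a privileged gdb is handed an init/command file, require that it is
# not a symlink, is a regular file, is owned by the invoking user and is not
# writable by others. If any check fails, another user may have supplied the
# commands gdb would execute as root.
init_file_is_trusted() {
    f=$1
    [ ! -L "$f" ] || return 1
    [ -f "$f" ] || return 1
    [ "$(stat -c '%u' "$f")" = "$(id -u)" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    [ $(( (mode % 10) & 2 )) -eq 0 ]
}

# Demo on a throwaway base directory (constructed here; cleaned up after).
demo_base=$(mktemp -d)
if w=$(make_private_workdir "$demo_base"); then
    echo "private workdir created: $w"
    : > "$w/gdbinit"          # assumed file name, for illustration only
    chmod 600 "$w/gdbinit"
    init_file_is_trusted "$w/gdbinit" && echo "init file passes checks"
fi
chmod 1777 "$demo_base"       # now resembles /tmp
make_private_workdir "$demo_base" 2>/dev/null || echo "world-writable base rejected"
rm -rf "$demo_base"
```

The ownership and mode checks on the init file are a second line of defence only: the primary fix is never to place these files where untrusted users can write, which is what the private work directory provides.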

Affected

16 ranges

Vendor    Product             Version range                              Fixed in
asterisk  asterisk            < 23.2.2                                   23.2.2
asterisk  asterisk            < 22.8.2                                   22.8.2
asterisk  asterisk            < 21.12.1                                  21.12.1
asterisk  asterisk            < 20.18.2                                  20.18.2
asterisk  asterisk            < 20.7-cert9                               20.7-cert9
asterisk  asterisk            >= 0 < 1:16.28.0~dfsg-0+deb11u9            1:16.28.0~dfsg-0+deb11u9
debian    asterisk            < 1:16.28.0~dfsg-0+deb11u9 (bullseye)      1:16.28.0~dfsg-0+deb11u9 (bullseye)
sangoma   asterisk            < 20.18.2                                  20.18.2
sangoma   asterisk            >= 21.0.0 < 21.12.1                        21.12.1
sangoma   asterisk            >= 22.0.0 < 22.8.2                         22.8.2
sangoma   asterisk            >= 23.0.0 < 23.2.2                         23.2.2
sangoma   certified_asterisk
sangoma   certified_asterisk
sangoma   certified_asterisk
sangoma   certified_asterisk
sangoma   certified_asterisk

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            v3.1          7.8    HIGH      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv                          7.8    HIGH
vendor_debian                7.8    NONE
vendor_redhat                7.8    NONE