CVE-2026-28799 — Use After Free in Pjproject
Severity
8.7HIGHNVD
EPSS
0.1%
top 81.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 6
Description
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Packages2 packages
Patches
🔴Vulnerability Details
1OSV▶
CVE-2026-28799: PJSIP is a free and open source multimedia communication library written in C↗2026-03-06