Technical Severity
CRITICAL
CVSS v3.1 Metrics
9.8
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood
EPSS Prediction
31.61
%
Predictive Probability
Percentile Rank
96.7
th
Documented as more likely to be exploited than 96.7% of known CVEs.
Detection Date
Feb 03, 2026
Remediation Due
Feb 24, 2026
CISA Catalog Active
Threat Analysis
Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin.
Remediation Directive
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.