Embedded Test Key Vulnerability in Poly Voice Devices
CVE-2026-0754

8.2HIGH

Key Information:

Vendor: HP Inc
Status: Vvx; Edge E; Trio 8300
Vendor: CVE Published:; 3 March 2026

What is CVE-2026-0754?

An embedded test key and certificate vulnerability allows attackers to potentially extract sensitive information from Poly Voice devices using advanced reverse engineering techniques. If the extracted certificate is accepted by a SIP service provider without thorough validation, it could lead to unauthorized access and exploitation of communication channels, thereby posing significant security risks.

Affected Version(s)

Edge E 0

Trio 8300 0

VVX 0

References

https://support.hp.com/us-en/document/ish_14269649-142696...

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2026
Vulnerability Reserved
Jan 8, 2026

CVE-2026-0754 Data

JSON

HP Inc

What is CVE-2026-0754?

Affected Version(s)

References

CVSS V4

Timeline