Improper Authorization Flaw in Eleveo Call Recording Software
CVE-2026-15374

5.3MEDIUM

Key Information:

Vendor

Eleveo

Vendor
CVE Published:
10 July 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-15374?

A security flaw in Eleveo Call Recording Software version 9.7.0 has been identified, affecting an element of its group interface. This vulnerability allows attackers to manipulate the file /callrec/roleAddAction.do, potentially leading to unauthorized access via remote execution. Despite early notification to the vendor regarding this issue, there has been no response. It is essential for users of this software to take immediate action to mitigate the risks associated with this exploit, which has already been published and could be used in attacks.

Affected Version(s)

Call Recording Software 9.7.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

omarelshopky (VulDB User)
VulDB CNA Team
.