Improper Authorization Flaw in Eleveo Call Recording Software
CVE-2026-15374
Key Information:
- Vendor
Eleveo
- Status
- Vendor
- CVE Published:
- 10 July 2026
Badges
What is CVE-2026-15374?
A security flaw in Eleveo Call Recording Software version 9.7.0 has been identified, affecting an element of its group interface. This vulnerability allows attackers to manipulate the file /callrec/roleAddAction.do, potentially leading to unauthorized access via remote execution. Despite early notification to the vendor regarding this issue, there has been no response. It is essential for users of this software to take immediate action to mitigate the risks associated with this exploit, which has already been published and could be used in attacks.
Affected Version(s)
Call Recording Software 9.7.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
