Improper Authorization Vulnerability in Eleveo Call Recording Software
CVE-2026-15377
Key Information:
- Vendor
Eleveo
- Status
- Vendor
- CVE Published:
- 10 July 2026
Badges
What is CVE-2026-15377?
The Eleveo Call Recording Software 9.7.0 contains a vulnerability related to improper authorization in the file handling process of /callrec/sendlogfile. This flaw allows attackers to exploit the system remotely, potentially gaining unauthorized access to sensitive information. The issue was publicly disclosed, and despite attempts to inform the vendor, no response was received. Organizations utilizing this software should assess their systems promptly to mitigate any risks associated with this vulnerability.
Affected Version(s)
Call Recording Software 9.7.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
