Malicious SIP Server Vulnerability in Poly Voice IP Devices by HP
CVE-2026-2891

8.2HIGH

Key Information:

Vendor

HP Inc

Vendor
CVE Published:
1 July 2026

What is CVE-2026-2891?

Poly Voice IP devices, including the CCX, Trio, and Edge E models, are vulnerable to potential operational failures when they connect to a malicious SIP server that sends malformed data. This vulnerability could lead to significant service interruptions, making it critical for users to ensure their devices are protected. HP has issued updates to mitigate these risks and safeguard user operations.

Affected Version(s)

CCX 0 < 9.50

Edge E 0 < 8.6.0

Trio C60 0 < 9.5.0

References

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.