Out-of-Bounds Access Vulnerability in Kamailio SIP Signaling Server
CVE-2026-39863

7.5HIGH

Key Information:

Vendor: Kamailio
Status: Kamailio
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39863?

An out-of-bounds access vulnerability in Kamailio SIP Signaling Server allows remote attackers to trigger a denial of service scenario through specially crafted data packets sent over TCP. This issue specifically affects Kamailio instances configured with TCP or TLS listeners, which could result in the server process crashing. The vulnerability has been addressed in the updates of versions 5.1.1, 6.0.6, and 5.8.8, mitigating the associated risks.

Affected Version(s)

kamailio < 5.8.8 < 5.8.8

kamailio >= 6.0.0, < 6.0.6 < 6.0.0, 6.0.6

kamailio >= 6.1.0, < 6.1.1 < 6.1.0, 6.1.1

References

https://github.com/kamailio/kamailio/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

CVE-2026-39863 Data

JSON