Stack Buffer Overflow Vulnerability in PJSIP Multimedia Communication Library
CVE-2026-40892

8.1 HIGH

Key Information:

Vendor: Pjsip

Status
Vendor
CVE Published: 21 April 2026

What is CVE-2026-40892?

A stack buffer overflow has been identified in the PJSIP multimedia communication library, affecting versions 2.16 and earlier. The flaw is in the function pjsip_auth_create_digest2(), which mishandles the length of credential data when pre-computed digest credentials are used. Specifically, the function copies the data into a fixed-size 128-byte buffer without an upper-bound check, so the buffer can overflow if the provided credential length exceeds the intended limits. This could lead to unexpected behavior or exploitation. Developers and users are encouraged to review the related security advisories and upgrade to the latest version to mitigate the risk.
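The bug class described above, shown as an added illustration in C beside a bounds-checked form; this is not PJSIP's code and not the project's fix. The names cred, copy_digest_unchecked, copy_digest_checked and demo are hypothetical; only the 128-byte buffer size comes from the advisory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_BUF_LEN 128  /* fixed-size stack buffer size stated in the advisory */

/* Hypothetical credential record (assumption): data is not NUL-terminated. */
struct cred { const char *data; size_t len; };

/* Pattern described in the advisory: the supplied length is trusted.
 * Shown for comparison only; it is never called in this example. */
void copy_digest_unchecked(char out[DIGEST_BUF_LEN], const struct cred *c)
{
    memcpy(out, c->data, c->len);   /* no upper-bound check on c->len */
}

/* Hardened form: reject (do not truncate) anything that does not fit.
 * Returns 0 on success, -1 on a bad argument or an oversized credential. */
int copy_digest_checked(char out[DIGEST_BUF_LEN], size_t *out_len,
                        const struct cred *c)
{
    if (!out || !out_len || !c || (!c->data && c->len != 0))
        return -1;
    if (c->len > DIGEST_BUF_LEN)    /* the missing upper-bound check */
        return -1;
    if (c->len)
        memcpy(out, c->data, c->len);
    *out_len = c->len;
    return 0;
}

/* Constructed sample input: `len` bytes of 'a' standing in for a
 * pre-computed digest. Returns 0 if the copy was accepted, -1 if rejected. */
int demo(size_t len)
{
    char src[256], digest[DIGEST_BUF_LEN];
    size_t n = 0;
    if (len > sizeof src)
        return -2;                  /* outside this demo's sample range */
    memset(src, 'a', sizeof src);
    struct cred c = { src, len };
    return (copy_digest_checked(digest, &n, &c) == 0 && n == len) ? 0 : -1;
}

int main(void)
{
    printf("32 bytes: %d\n128 bytes: %d\n200 bytes: %d\n",
           demo(32), demo(128), demo(200));
    return 0;
}
```

Rejecting an oversized value instead of truncating it keeps a malformed credential from being silently used as a different, shorter one.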

Affected Version(s)

pjproject <= 2.16

CVSS V4

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
