Plaintext SIP Credentials Vulnerability in Sangoma Switchvox Products
CVE-2026-45362

3.2LOW

Key Information:

Vendor: Sangoma
Status: Switchvox
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-45362?

Sangoma Switchvox prior to version 8.4 contains a significant vulnerability where SIP authentication credentials are stored in cleartext within backup files. This exposure can lead to unauthorized access to the system, potentially allowing attackers to exploit these credentials for malicious purposes. Users of affected versions are strongly advised to upgrade to the latest release to mitigate this risk and enhance the overall security posture of their deployments.

Affected Version(s)

Switchvox 0 < 8.4

References

https://github.com/wb6vpm/switchvox-svb-plaintext-sip-cre...

https://github.com/sangoma/security-switchvox/security/ad...

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-45362 Data

JSON