Input Handling Flaw in HP IP Phones Leading to WebUI Vulnerabilities
CVE-2026-5922

5.9MEDIUM

Key Information:

Vendor

HP

Vendor
CVE Published:
8 July 2026

What is CVE-2026-5922?

HP IP Phones are susceptible to a vulnerability that allows malicious inputs stored in configuration parameters to be rendered as content on the WebUI. This can potentially lead to unauthorized content exposure and manipulation through the web interface, compromising the integrity of the device's configuration and user experience.

Affected Version(s)

Poly CCX 0 < 9.5.0

Poly Edge E 0 < 8.6.0

Poly Trio C60 0 < 9.5.0

References

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.