Local File Inclusion Vulnerability in Sangoma Switchvox SMB Edition
CVE-2026-9587

7.1HIGH

Key Information:

Vendor

Sangoma

Vendor
CVE Published:
17 July 2026

What is CVE-2026-9587?

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3. The vulnerability arises from the play_file functionality, which accepts user-controlled input via the sound_path parameter. Due to inadequate validation of file paths, an authenticated attacker could exploit this flaw to access files outside the designated directory, potentially compromising sensitive data and system integrity.

Affected Version(s)

Switchvox SMB Edition 8.3 (104997) < 8.4.0.2

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cam Lischke (SRA)
.