Local File Inclusion Vulnerability in Sangoma Switchvox SMB Edition
CVE-2026-9587
7.1HIGH
What is CVE-2026-9587?
An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3. The vulnerability arises from the play_file functionality, which accepts user-controlled input via the sound_path parameter. Due to inadequate validation of file paths, an authenticated attacker could exploit this flaw to access files outside the designated directory, potentially compromising sensitive data and system integrity.
Affected Version(s)
Switchvox SMB Edition 8.3 (104997) < 8.4.0.2
