ID

VAR-202602-1863


CVE

CVE-2026-23738


TITLE

Cross-site scripting vulnerability in multiple products, including Sangoma's Asterisk

Trust: 0.8

sources: JVNDB: JVNDB-2026-004117

DESCRIPTION

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user-supplied or user-controlled values from cookies and any GET query-string parameter are interpolated directly into the HTML of the page using ast_str_append. The potentially vulnerable endpoint is GET /httpstatus, implemented in asterisk/main/http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. Exploitation may also allow some of the information handled by the software to be modified; it does not stop the software. Attacks exploiting this vulnerability may also affect other software.

Trust: 1.62

sources: NVD: CVE-2026-23738 // JVNDB: JVNDB-2026-004117

AFFECTED PRODUCTS

vendor: sangoma  model: asterisk  scope: lte  version: 20.18.2

Trust: 1.0

vendor: sangoma  model: asterisk  scope: lt  version: 23.2.2

Trust: 1.0

vendor: sangoma  model: certified asterisk  scope: lte  version: 18.9

Trust: 1.0

vendor: sangoma  model: asterisk  scope: gte  version: 21.0.0

Trust: 1.0

vendor: sangoma  model: asterisk  scope: lte  version: 22.8.2

Trust: 1.0

vendor: sangoma  model: asterisk  scope: gte  version: 23.0.0

Trust: 1.0

vendor: sangoma  model: certified asterisk  scope: eq  version: 20.7

Trust: 1.0

vendor: sangoma  model: asterisk  scope: gte  version: 22.0.0

Trust: 1.0

vendor: sangoma  model: asterisk  scope: lte  version: 21.12.1

Trust: 1.0

vendor: sangoma  model: certified asterisk  scope: -  version: -

Trust: 0.8

vendor: sangoma  model: asterisk  scope: -  version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004117 // NVD: CVE-2026-23738

CVSS

SEVERITY

CVSSV2

CVSSV3

security-advisories@github.com: CVE-2026-23738
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-23738
value: MEDIUM

Trust: 1.0

NVD: CVE-2026-23738
value: MEDIUM

Trust: 0.8

security-advisories@github.com: CVE-2026-23738
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-23738
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2026-23738
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004117 // NVD: CVE-2026-23738 // NVD: CVE-2026-23738

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004117 // NVD: CVE-2026-23738

PATCH

title: The Asterisk embedded web server's /httpstatus page echoes user-supplied values (cookie and query string) without sanitization (Advisory, asterisk/asterisk, GitHub)
url: https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh

Trust: 0.8

sources: JVNDB: JVNDB-2026-004117

EXTERNAL IDS

db: NVD  id: CVE-2026-23738

Trust: 2.6

db: JVNDB  id: JVNDB-2026-004117

Trust: 0.8

sources: JVNDB: JVNDB-2026-004117 // NVD: CVE-2026-23738

REFERENCES

url: https://github.com/asterisk/asterisk/security/advisories/ghsa-v6hp-wh3r-cwxh

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-23738

Trust: 0.8

sources: JVNDB: JVNDB-2026-004117 // NVD: CVE-2026-23738

SOURCES

db: JVNDB  id: JVNDB-2026-004117
db: NVD  id: CVE-2026-23738

LAST UPDATE DATE

2026-02-21T23:20:21.399000+00:00


SOURCES UPDATE DATE

db: JVNDB  id: JVNDB-2026-004117  date: 2026-02-20T02:20:00
db: NVD  id: CVE-2026-23738  date: 2026-02-18T18:42:48.877

SOURCES RELEASE DATE

db: JVNDB  id: JVNDB-2026-004117  date: 2026-02-20T00:00:00
db: NVD  id: CVE-2026-23738  date: 2026-02-06T17:16:26