Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

Published

2026-02-06T17:16:26.290

Last Modified

2026-02-10T18:25:39.730

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 0.0 (NONE)

Weaknesses

Type: Secondary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	13.13.0	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	16.8.0	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	asterisk	< 20.18.2	Yes
Application	sangoma	asterisk	< 21.12.1	Yes
Application	sangoma	asterisk	< 22.8.2	Yes
Application	sangoma	asterisk	< 23.2.2	Yes

References

https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c Vendor Advisory ([email protected])