cve detail

CVE-2019-19006

naam

Sangoma FreePBX Improper Authentication Vulnerability

Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin.

KEV

bekend misbruikt

EPSS

22%

percentiel

96%

vendor

Sangoma

product

FreePBX

toegevoegd aan KEV

03 feb 2026

due date

24 feb 2026

ransomware

Unknown

CWE

CWE-287

EPSS datum

12 mei 2026

aanbevolen actie

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notities

https://wiki.freepbx.org/display/FOP/2019-11-20%2BRemote%2BAdmin%2BAuthentication%2BBypass ; https://nvd.nist.gov/vuln/detail/CVE-2019-19006