VYPR
Medium severity5.9NVD Advisory· Published May 7, 2026· Updated May 12, 2026

CVE-2026-42225

CVE-2026-42225

Description

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via verify_server = PJ_TRUE or verify_client = PJ_TRUE. This issue has been patched in version 2.17.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Pjsip/Pjprojectreferences
  • Pjsip/Pjsip2 versions
    cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*range: <2.17
    • (no CPE)range: <2.17

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.