High severity8.8NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026
CVE-2026-44238
CVE-2026-44238
Description
FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges are not needed. This vulnerability is fixed in 16.0.50 and 17.0.11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <16.0.50,<17.0.11
Patches
Vulnerability mechanics
References
1- github.com/FreePBX/security-reporting/security/advisories/GHSA-p9fq-fmpw-2h9xnvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.