VYPR

API

by Freepbx

CVEs (4)

  • CVE-2026-40520 | High | Apr 21, 2026
    risk 0.40 | cvss 7.2 | epss 0.01

    FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token…

  • CVE-2025-55739 | Medium | Sep 5, 2025
    risk 0.26 | cvss | epss 0.01

    api is a module for FreePBX, which is an open source GUI that controls and manages Asterisk (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX…

  • CVE-2013-4868 | Dec 27, 2019
    risk 0.05 | cvss | epss 0.05

    Karotz API 12.07.19.00: Session Token Information Disclosure

  • CVE-2025-55210 | Feb 12, 2026
    risk 0.00 | cvss | epss 0.00

    FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to…