VIR Vulnerability Intelligence Relay

CVE-2019-19006

unknown KEV
Published 2026-02-03 · Modified 2026-02-03
CVSS v3
CVSS v2
VIR risk
1.5

Description

Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin.

CISA KEV

Vendor
Sangoma
Product
FreePBX
Due date
2026-02-24

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://wiki.freepbx.org/display/FOP/2019-11-20%2BRemote%2BAdmin%2BAuthentication%2BBypass ; https://nvd.nist.gov/vuln/detail/CVE-2019-19006

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.