CVE-2026-28209

EUVD-2026-9856
FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sangomafreepbx
16.0.17.2 ≤
𝑥
< 16.0.20
sangomafreepbx
17.0.2.4 ≤
𝑥
< 17.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-f558-mp87-58vj