{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/freepbx-project/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-46376"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FreePBX (\u003e= 15.0.42, \u003c 16.0.45, \u003e= 17.0.1, \u003c 17.0.7)"],"_cs_severities":["medium"],"_cs_tags":["cve","voip","freepbx","credential-access"],"_cs_type":"advisory","_cs_vendors":["FreePBX project"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-46376, exists in FreePBX versions 15.0.42 to 16.0.45 and 17.0.1 to 17.0.7. This vulnerability stems from the use of hard-coded credentials within the User Control Panel (UCP) generic template setup. The UCP generic template setup process is optional and designed to simplify common UCP deployments. However, if administrators do not immediately change these default credentials, unauthenticated attackers can gain access to the UCP. Successful exploitation grants attackers unauthorized access to user accounts, exposure of sensitive user data, and manipulation of user settings and configurations. The FreePBX project released an advisory for this vulnerability, urging users to apply patches and mitigations immediately to prevent potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a FreePBX instance with the UCP enabled and the default UCP generic template setup used.\u003c/li\u003e\n\u003cli\u003eThe attacker attempts to access the UCP login page, which is typically exposed over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the hard-coded default credentials to authenticate to the UCP.\u003c/li\u003e\n\u003cli\u003eUpon successful authentication, the attacker gains access to user accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker then leverages the unauthorized access to view sensitive user data, such as call logs, voicemails, and contact lists.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates user settings and configurations within the UCP.\u003c/li\u003e\n\u003cli\u003eDepending on the scope of the account\u0026rsquo;s permissions, the attacker could modify call routing rules, forwarding numbers, or even disable accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control over the VoIP server\u0026rsquo;s functionality, potentially leading to call interception, eavesdropping, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-46376 can lead to unauthorized access to user accounts, exposing sensitive user data like call logs and voicemails. Attackers can manipulate user settings and configurations, potentially disrupting VoIP services and gaining control over the communication infrastructure. Given the widespread use of FreePBX in various sectors, including small businesses and large enterprises, the impact could range from data breaches and financial losses to significant disruptions in communication services. The vulnerability has a CVSS score of 9.3, highlighting the severity of the risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update the userman module to the latest version, which randomizes the password, as recommended by FreePBX.\u003c/li\u003e\n\u003cli\u003eEnsure only authorized users have access to the FreePBX Administrator Control Panel (ACP) by using FreePBX User Management, SysAdmin VPN, MFA, or SAML modules, as mentioned in the advisory.\u003c/li\u003e\n\u003cli\u003eImplement access control measures, such as using the FreePBX Firewall module, to deny access from hostile networks to the ACP and the UCP, as stated in the FreePBX advisory.\u003c/li\u003e\n\u003cli\u003eMonitor and detect suspicious activity related to unauthorized access attempts on the UCP. Organizations should enhance their monitoring capabilities as recommended by the CCB.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-02T08:35:31Z","date_published":"2026-06-02T08:35:31Z","id":"https://feed.craftedsignal.io/briefs/2026-06-freepbx-hardcoded-credentials/","summary":"A critical vulnerability, CVE-2026-46376, exists in FreePBX due to the use of hard-coded credentials in the User Control Panel (UCP) generic template setup process, allowing an unauthenticated, remote attacker to gain unauthorized access to user accounts and manipulate user settings if default template credentials are not immediately changed by the administrator after enabling UCP.","title":"FreePBX Hardcoded Credentials Vulnerability (CVE-2026-46376)","url":"https://feed.craftedsignal.io/briefs/2026-06-freepbx-hardcoded-credentials/"}],"language":"en","title":"CraftedSignal Threat Feed — FreePBX Project","version":"https://jsonfeed.org/version/1.1"}