CVE-2026-44238 | FreePBX up to 16.0.49/17.0.10 CDR Reports sql injection (GHSA-p9fq-fmpw-2h9x)

A vulnerability marked as critical has been reported in FreePBX up to 16.0.49/17.0.10. The impacted element is an unknown function of the component CDR Reports Module. This manipulation causes sql injection.

This vulnerability is handled as CVE-2026-44238. The attack can be initiated remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More