CVE-2026-44237 | FreePBX up to 17.0.7 API Module ClientRepository.php validateClient weak authentication (GHSA-vgjf-4h63-8vcc)

May 29, 2026 Yanac

A vulnerability was found in FreePBX up to 17.0.7. It has been rated as critical. Affected by this vulnerability is the function validateClient of the file ClientRepository.php of the component API Module. This manipulation causes weak authentication.

This vulnerability appears as CVE-2026-44237. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More