CVE-2026-0710

HIGH 8.4

Sipp/sipp: sipp: denial of service and potential arbitrary code execution vulnerability

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability.

CWE	CWE-476
Published	Jan 23, 2026
Last Updated	Jan 23, 2026

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-0710 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2427788

Credits

Red Hat would like to thank ChenYiFan Liu, Fanny-wen, and Zhoufan Wen for reporting this issue.