πŸ” CVE Alert

CVE-2026-9585

UNKNOWN 0.0

Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers.Β User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim's browser.

CWE CWE-79
Vendor sangoma
Product switchvox smb edition
Published Jul 17, 2026
Last Updated Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for sangoma switchvox smb edition

Be the first to know when new unknown vulnerabilities affecting sangoma switchvox smb edition are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Sangoma / Switchvox SMB Edition
8.3 (104997) < 8.4.0.2

References

NVD β†— CVE.org β†— EPSS Data β†—
sangomakb.atlassian.net: https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026 labs.sra.io: https://labs.sra.io/posts/switchvox/

Credits

Cam Lischke (SRA)