๐Ÿ” CVE Alert

CVE-2026-9587

UNKNOWN 0.0

Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope.

CWE CWE-73
Vendor sangoma
Product switchvox smb edition
Published Jul 17, 2026
Last Updated Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for sangoma switchvox smb edition

Be the first to know when new unknown vulnerabilities affecting sangoma switchvox smb edition are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Sangoma / Switchvox SMB Edition
8.3 (104997) < 8.4.0.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/sangoma/security-switchvox/security/advisories/GHSA-mhp4-x83p-phh2 labs.sra.io: https://labs.sra.io/posts/switchvox/

Credits

Cam Lischke (SRA)