CVE-2026-9587
Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope.
| CWE | CWE-73 |
| Vendor | sangoma |
| Product | switchvox smb edition |
| Published | Jul 17, 2026 |
| Last Updated | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for sangoma switchvox smb edition
Be the first to know when new unknown vulnerabilities affecting sangoma switchvox smb edition are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Sangoma / Switchvox SMB Edition
8.3 (104997) < 8.4.0.2
References
Credits
Cam Lischke (SRA)