πŸ” CVE Alert

CVE-2026-9588

UNKNOWN 0.0

Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality.Β The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users.

CWE CWE-79
Vendor sangoma
Product switchvox smb edition
Published Jul 17, 2026
Last Updated Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for sangoma switchvox smb edition

Be the first to know when new unknown vulnerabilities affecting sangoma switchvox smb edition are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Sangoma / Switchvox SMB Edition
8.3 (104997) < 8.4.0.2

References

NVD β†— CVE.org β†— EPSS Data β†—
sangomakb.atlassian.net: https://sangomakb.atlassian.net/wiki/spaces/Switchvox/pages/1802371073/Switchvox+-+Release+Notes+Version+8.4.0.2+July+14+2026 labs.sra.io: https://labs.sra.io/posts/switchvox/

Credits

Cam Lischke (SRA)