216.73.216.133

CVE-2026-42225

· Published 07/05/2026 20:16 · Modified 07/05/2026 20:36

Labels: CVE-2026-42225 2026-05-07CVE-2026-42225CWE-295[email protected]

Essential information

Published
07/05/2026 20:16
Modified
07/05/2026 20:36
Author
Creator
CVSS
8.2 HIGH (v3) 8.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via verify_server = PJ_TRUE or verify_client = PJ_TRUE. This issue has been patched in version 2.17.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
pjsip / pjsip cpe:2.3:a:pjsip:pjsip:<2.17:*:*:*:*:*:*

References