Vulnerability Details CVE-2026-28209
FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.4%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2026-28209
-
cpe:2.3:a:sangoma:freepbx:16.0.18
-
cpe:2.3:a:sangoma:freepbx:16.0.19
-
cpe:2.3:a:sangoma:freepbx:16.0.19.1
-
cpe:2.3:a:sangoma:freepbx:16.0.19.10
-
cpe:2.3:a:sangoma:freepbx:16.0.19.11
-
cpe:2.3:a:sangoma:freepbx:16.0.19.12
-
cpe:2.3:a:sangoma:freepbx:16.0.19.13
-
cpe:2.3:a:sangoma:freepbx:16.0.19.14
-
cpe:2.3:a:sangoma:freepbx:16.0.19.15
-
cpe:2.3:a:sangoma:freepbx:16.0.19.16
-
cpe:2.3:a:sangoma:freepbx:16.0.19.17
-
cpe:2.3:a:sangoma:freepbx:16.0.19.18
-
cpe:2.3:a:sangoma:freepbx:16.0.19.2
-
cpe:2.3:a:sangoma:freepbx:16.0.19.3
-
cpe:2.3:a:sangoma:freepbx:16.0.19.4
-
cpe:2.3:a:sangoma:freepbx:16.0.19.5
-
cpe:2.3:a:sangoma:freepbx:16.0.19.6
-
cpe:2.3:a:sangoma:freepbx:16.0.19.7
-
cpe:2.3:a:sangoma:freepbx:16.0.19.8
-
cpe:2.3:a:sangoma:freepbx:16.0.19.9
-
cpe:2.3:a:sangoma:freepbx:17.0.3
-
cpe:2.3:a:sangoma:freepbx:17.0.4