#VU125899 Use-after-free in pjsip - CVE-2026-32942

 


Published: April 14, 2026


Vulnerability identifier: #VU125899
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-32942
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: pjsip
Software vendor: pjsip

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a use-after-free error in the ICE session when a race condition occurs between session destruction and callbacks. A remote attacker can trigger concurrent session destruction and callback execution to execute arbitrary code.

Any application using the ICE feature is potentially affected.


Remediation

Install the security update from the vendor's website.

External links