A critical-severity vulnerability in multiple HP Poly Voice VoIP phone models can be exploited for remote code execution (RCE) with root privileges, allowing attackers to gain a foothold in enterprise networks, Rapid7 warns.

Tracked as CVE-2026-0826 (CVSS score of 9.2), the bug is described as a stack-based buffer overflow issue in the parsing of Session Description Protocol (SDP) attributes and affects devices that have the Interactive Connectivity Establishment (ICE) feature enabled.

The security defect was identified in a function that parses individual components of candidate attributes. The parsing function is called during the processing of SDP data, when ICE is enabled.

“The candidate attribute is intended to contain a transport address for a candidate that can be used for connectivity checks,” Rapid7 explains.

The parser copies the incoming string line into a 256-byte stack buffer without checking its length, and a candidate attribute with a greater length can be supplied to trigger the buffer overflow.
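The missing length check, shown in a hardened form as an added example; this is not HP, Poly or Rapid7 code. The struct, function name, field widths and sample line are assumptions, and the field order follows the ICE candidate grammar in RFC 8839.

```c
#include <stdio.h>
#include <string.h>

#define LINE_BUF 256            /* stack buffer size quoted in the article */

struct ice_candidate {          /* hypothetical struct; widths chosen for this example */
    char foundation[33];
    unsigned component;
    char transport[16];
    unsigned long long priority;
    char address[64];
    unsigned port;
    char type[16];
};

/* Returns 0 on success, -1 if the line cannot fit the buffer, -2 if malformed. */
int parse_candidate(const char *line, size_t len, struct ice_candidate *out)
{
    char buf[LINE_BUF];

    /* An unbounded copy into buf at this point (for instance strcpy) is the
       pattern the article describes. Checking len first closes it. */
    if (len >= sizeof buf)
        return -1;
    memcpy(buf, line, len);
    buf[len] = '\0';

    /* Every conversion carries a width: each %s is one less than its
       destination size, and the numeric widths keep values in range. */
    int n = sscanf(buf, "candidate:%32s %5u %15s %10llu %63s %5u typ %15s",
                   out->foundation, &out->component, out->transport,
                   &out->priority, out->address, &out->port, out->type);
    if (n != 7)
        return -2;
    if (out->component < 1 || out->component > 256 || out->port > 65535)
        return -2;
    return 0;
}

int main(void)
{
    /* Constructed sample line using a documentation address. */
    const char *line = "candidate:1 1 UDP 2130706431 192.0.2.10 49170 typ host";
    struct ice_candidate c;
    int rc = parse_candidate(line, strlen(line), &c);
    printf("rc=%d type=%s port=%u\n", rc, rc == 0 ? c.type : "-", rc == 0 ? c.port : 0);
    return rc;
}
```

Rejecting the over-long line before the copy is the essential check; the width-limited conversions apply the same rule to each component the parser extracts.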