CVE-2026-44239
Analyzed Analyzed - Analysis Complete
Path Traversal in FreePBX Dashboard Module

Publication date: 2026-05-29

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description
FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST['rawname'] parameter is concatenated into an include() call with a .class.php suffix, allowing path traversal via ../ sequences to include arbitrary .class.php files from the filesystem. The included file's PHP code executes before the subsequent class instantiation error occurs. This vulnerability is fixed in 16.0.22 and 17.0.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-01
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-44239
EUVD
EUVD-2026-33297
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
sangoma freepbx From 17.0 (inc) to 17.0.5 (exc)
sangoma freepbx to 16.0.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is an Authenticated Local File Inclusion issue in the FreePBX Dashboard module. It occurs because the getcontent AJAX handler uses user-supplied input from the $_REQUEST['rawname'] parameter in an include() call without proper path sanitization.

An attacker with valid credentials can manipulate this parameter using path traversal sequences like ../ to include arbitrary .class.php files from the filesystem. The PHP code in the included file executes before any error occurs, allowing the attacker to execute arbitrary code on the host system.

This affects FreePBX versions prior to 16.0.22 and 17.0.5 and is fixed in those versions.

Impact Analysis

This vulnerability allows an attacker with valid credentials to execute arbitrary PHP code on the server hosting FreePBX. This can lead to unauthorized command execution on the host as the webserver user (typically 'asterisk').

Such code execution can compromise the confidentiality, integrity, and availability of the system, potentially allowing attackers to access sensitive data, disrupt telephony services, or further escalate privileges.

Detection Guidance

This vulnerability involves the manipulation of the $_REQUEST['rawname'] parameter in the FreePBX Dashboard module's getcontent AJAX handler to include arbitrary PHP files via path traversal sequences.

To detect exploitation attempts on your system or network, you can monitor web server logs for suspicious requests to the Dashboard module's getcontent AJAX handler that include path traversal patterns such as '../' in the rawname parameter.

Example command to search web server logs for such attempts:

  • grep -i "rawname=.*\.\.\/" /var/log/httpd/access_log
  • grep -i "rawname=.*\.\.\/" /var/log/apache2/access.log

Additionally, you can use network monitoring tools or intrusion detection systems to alert on HTTP requests containing path traversal sequences targeting the Dashboard module.

Mitigation Strategies

To mitigate this vulnerability immediately, you should update the FreePBX Dashboard module to version 16.0.22 or later, or 17.0.5 or later, where the issue is fixed.

Additionally, restrict access to the FreePBX Administrator Control Panel to trusted users only.

Deny access to the FreePBX Administrator Control Panel from untrusted networks to reduce the attack surface.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44239. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart