CVE-2026-45362
Received Received - Intake
SIP Credentials Exposure in Sangoma Switchvox

Publication date: 2026-05-12

Last updated on: 2026-05-12

Assigner: MITRE

Description
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-12
Last Modified
2026-05-12
Generated
2026-06-21
AI Q&A
2026-05-12
EPSS Evaluated
2026-06-20
NVD
CVE-2026-45362
EUVD
EUVD-2026-29354
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sangoma switchvox to 8.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-45362 is a vulnerability in Sangoma Switchvox versions before 8.4 where SIP authentication credentials are stored in plaintext within backup files (.svb). This means that sensitive information such as SIP trunk usernames, passwords, carrier hostnames or IP addresses, and DID assignments can be directly extracted from these backup files if accessed by an attacker.

Impact Analysis

If an attacker gains access to the backup files containing plaintext SIP credentials, they can impersonate the PBX endpoint at the carrier level. This can lead to severe consequences including toll fraud (unauthorized use of telephony services), caller ID spoofing, interception of inbound calls, rerouting of calls, and denial-of-service conditions affecting the telephony system.

Detection Guidance

This vulnerability can be detected by inspecting Sangoma Switchvox backup files (.svb) for the presence of cleartext SIP authentication credentials such as usernames, passwords, carrier hostnames/IPs, and DID assignments.

A practical approach is to locate and extract the .svb backup files from your system and then search within these files for plaintext SIP credentials.

While specific commands are not detailed in the provided resources, a general method would be to use file inspection and text search commands such as:

  • Locate backup files: `find /path/to/backups -name '*.svb'`
  • Search for SIP credentials inside backup files: `strings backupfile.svb | grep -iE 'username|password|sip|carrier|did'`

These commands help identify if sensitive SIP credentials are stored in plaintext within backup files, indicating the presence of the vulnerability.

Mitigation Strategies

To mitigate this vulnerability, the immediate step is to upgrade Sangoma Switchvox to version 8.4 or later, where the issue has been patched.

Additionally, restrict access to backup files (.svb) to authorized personnel only, as these files contain sensitive SIP trunk credentials in plaintext.

Review and rotate SIP trunk credentials if they may have been exposed, to prevent unauthorized use such as toll fraud or call interception.

Implement strict file permissions and consider encrypting backup files to protect sensitive information from unauthorized access.

Compliance Impact

The vulnerability exposes SIP trunk authentication credentials in plaintext within backup files, which can lead to unauthorized access and misuse of sensitive telephony data.

Such exposure of sensitive credentials could potentially violate data protection and security requirements mandated by standards and regulations like GDPR and HIPAA, which require safeguarding confidential information against unauthorized access.

However, the provided information does not explicitly discuss compliance impacts or regulatory considerations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45362. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart