CVE-2026-23739

CVE-2026-23739

Name

CVE-2026-23739

Description

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can allow an attacker to trigger XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. This can also be triggered in other cases in which the user is able to supply input in xml format that triggers the asterisk process to parse it. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42

Type

URI

security-advisories@github.com

https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:sangoma:asterisk::::::::`	asterisk	>= None	< 20.18.2
`cpe:2.3:a:sangoma:asterisk::::::::`	asterisk	>= 21.0.0	< 21.12.1
`cpe:2.3:a:sangoma:asterisk::::::::`	asterisk	>= 22.0.0	< 22.8.2
`cpe:2.3:a:sangoma:asterisk::::::::`	asterisk	>= 23.0.0	< 23.2.2
`cpe:2.3:a:sangoma:certified_asterisk::::::::`	certified_asterisk	>= None	<= 18.9
`cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1::::::`	certified_asterisk	== None	== 20.7

CPE URI

Source package

Min version

Max version

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

asterisk

>= None

< 20.18.2

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

asterisk

>= 21.0.0

< 21.12.1

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

asterisk

>= 22.0.0

< 22.8.2

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

asterisk

>= 23.0.0

< 23.2.2

cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*

certified_asterisk

>= None

<= 18.9

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1:*:*:*:*:*:*

certified_asterisk

== None

== 20.7

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
asterisk	edge-main	20.17.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.15.2-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.15.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r6	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r5	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r4	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r3	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.0-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.9.3-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.9.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.8.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.5.1-r0	None	possibly vulnerable
asterisk	edge-main	18.15.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.15.0-r3	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.15.0-r2	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.15.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.13.0-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.13.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.11.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r5	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r4	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r3	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r2	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.1-r0	None	possibly vulnerable
asterisk	edge-main	18.1.1-r0	None	possibly vulnerable
asterisk	edge-main	18.0.1-r0	None	possibly vulnerable
asterisk	edge-main	16.6.2-r0	None	possibly vulnerable
asterisk	edge-main	16.5.1-r0	None	possibly vulnerable
asterisk	edge-main	16.4.1-r0	None	possibly vulnerable
asterisk	edge-main	16.3.0-r0	None	possibly vulnerable
asterisk	edge-main	15.7.1-r0	None	possibly vulnerable
asterisk	3.23-main	20.15.2-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.22-main	20.11.1-r6	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.22-main	20.11.1-r5	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.22-main	20.11.1-r0	None	possibly vulnerable
asterisk	3.22-main	20.9.3-r0	None	possibly vulnerable
asterisk	3.22-main	20.9.2-r0	None	possibly vulnerable
asterisk	3.22-main	20.8.1-r0	None	possibly vulnerable
asterisk	3.22-main	20.5.1-r0	None	possibly vulnerable
asterisk	3.22-main	18.15.1-r0	None	possibly vulnerable
asterisk	3.22-main	18.11.2-r0	None	possibly vulnerable
asterisk	3.22-main	18.2.2-r2	None	possibly vulnerable
asterisk	3.22-main	18.2.1-r0	None	possibly vulnerable
asterisk	3.22-main	18.1.1-r0	None	possibly vulnerable
asterisk	3.22-main	18.0.1-r0	None	possibly vulnerable
asterisk	3.22-main	16.6.2-r0	None	possibly vulnerable
asterisk	3.22-main	16.5.1-r0	None	possibly vulnerable
asterisk	3.22-main	16.4.1-r0	None	possibly vulnerable
asterisk	3.22-main	16.3.0-r0	None	possibly vulnerable
asterisk	3.22-main	15.7.1-r0	None	possibly vulnerable
asterisk	3.21-main	20.11.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.21-main	20.11.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.21-main	20.9.3-r0	None	possibly vulnerable
asterisk	3.21-main	20.9.2-r0	None	possibly vulnerable
asterisk	3.21-main	20.8.1-r0	None	possibly vulnerable
asterisk	3.21-main	20.5.1-r0	None	possibly vulnerable
asterisk	3.21-main	18.15.1-r0	None	possibly vulnerable
asterisk	3.21-main	18.11.2-r0	None	possibly vulnerable
asterisk	3.21-main	18.2.2-r2	None	possibly vulnerable
asterisk	3.21-main	18.2.1-r0	None	possibly vulnerable
asterisk	3.21-main	18.1.1-r0	None	possibly vulnerable
asterisk	3.21-main	18.0.1-r0	None	possibly vulnerable
asterisk	3.21-main	16.6.2-r0	None	possibly vulnerable
asterisk	3.21-main	16.5.1-r0	None	possibly vulnerable
asterisk	3.21-main	16.4.1-r0	None	possibly vulnerable
asterisk	3.21-main	16.3.0-r0	None	possibly vulnerable
asterisk	3.21-main	15.7.1-r0	None	possibly vulnerable
asterisk	3.20-main	20.9.3-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.20-main	20.9.3-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.20-main	20.9.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.20-main	20.8.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.20-main	20.5.1-r0	None	possibly vulnerable
asterisk	3.20-main	18.15.1-r0	None	possibly vulnerable
asterisk	3.20-main	18.11.2-r0	None	possibly vulnerable
asterisk	3.20-main	18.2.2-r2	None	possibly vulnerable
asterisk	3.20-main	18.2.1-r0	None	possibly vulnerable
asterisk	3.20-main	18.1.1-r0	None	possibly vulnerable
asterisk	3.20-main	18.0.1-r0	None	possibly vulnerable
asterisk	3.20-main	16.6.2-r0	None	possibly vulnerable
asterisk	3.20-main	16.5.1-r0	None	possibly vulnerable
asterisk	3.20-main	16.4.1-r0	None	possibly vulnerable
asterisk	3.20-main	16.3.0-r0	None	possibly vulnerable
asterisk	3.20-main	15.7.1-r0	None	possibly vulnerable
asterisk	3.19-main	20.9.3-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.19-main	20.9.3-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.19-main	20.5.1-r0	None	possibly vulnerable
asterisk	3.19-main	18.15.1-r0	None	possibly vulnerable
asterisk	3.19-main	18.11.2-r0	None	possibly vulnerable
asterisk	3.19-main	18.2.2-r2	None	possibly vulnerable
asterisk	3.19-main	18.2.1-r0	None	possibly vulnerable
asterisk	3.19-main	18.1.1-r0	None	possibly vulnerable
asterisk	3.19-main	18.0.1-r0	None	possibly vulnerable
asterisk	3.19-main	16.6.2-r0	None	possibly vulnerable
asterisk	3.19-main	16.5.1-r0	None	possibly vulnerable
asterisk	3.19-main	16.4.1-r0	None	possibly vulnerable
asterisk	3.19-main	16.3.0-r0	None	possibly vulnerable
asterisk	3.19-main	15.7.1-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages