Summary
FreePBX patched a critical vulnerability (CVE-2026-46376) that allows unauthenticated attackers to gain remote access to the User Control Panel via hard-coded credentials.
Take Action:
If you run FreePBX, first make sure your VoIP server management interfaces User and Admin Control Panels are isolated from the internet and reachable only from trusted networks or via VPN . Then update the userman module to version 16.0.45 or 17.0.7 to replace the hard-coded credentials, and enable MFA or SAML for an added layer of login protection.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)