CVE-2026-41415 · CRITICAL 9.1 · EPSS p22.2%


Description

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in a SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This vulnerability is fixed in 2.17.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.31% probability of exploitation · percentile 22.2% · 2026-06-18T12:00:27Z
Published: 2026-04-24
Last modified: 2026-04-28

Underlying weaknesses · 1

CWE-125

References

  1. https://github.com/pjsip/pjproject/commit/4225a93c16661538005017883fbc8f1ea1d5f4b0
  2. https://github.com/pjsip/pjproject/security/advisories/GHSA-935m-fmf5-j4pm


Type: Weakness · Target: Out-of-bounds Read (cwe-125) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-40892
  2. CVE-2026-34235
  3. CVE-2026-40614
  4. CVE-2026-32945
  5. CVE-2026-32942
  6. CVE-2026-25994

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.