NULL pointer dereference in Asterisk Open Source and Certified Asterisk - CVE-2026-57195

 


Published: June 26, 2026


Vulnerability identifier: #VU135542
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-57195
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Digium (Linux Support Services)
Affected software:
Asterisk Open Source
Certified Asterisk

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a NULL pointer dereference in the HTTP AMI digest authentication handler when it processes crafted HTTP requests for AMI digest authentication. A remote attacker can send a specially crafted HTTP request to cause a denial of service.

The issue is exploitable only when the Asterisk HTTP web server is enabled, the Asterisk Manager Interface is enabled, and access to the AMI via HTTP is enabled.
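
The three preconditions above can be checked against a host's configuration. The following is an added example, not part of the advisory or vendor code: it assumes the conditions correspond to `enabled` in the `[general]` section of http.conf and to `enabled` and `webenabled` in the `[general]` section of manager.conf, and that an unset option means disabled. The sample configurations are constructed.

```python
import re

TRUTHY = {"yes", "true", "y", "t", "1", "on"}  # values Asterisk treats as true

# Constructed sample configs (not taken from any real system).
SAMPLE_HTTP_CONF = "[general]\nenabled = yes ; mini HTTP server on\nbindaddr = 0.0.0.0\n"
SAMPLE_MANAGER_CONF = (
    "[general]\nenabled = yes\nwebenabled = yes\n\n[admin]\nsecret = placeholder\n"
)

def general_options(text):
    """Return the key/value pairs of the [general] section of an Asterisk config."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment (escapes ignored)
        if not line:
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "general" and "=" in line:
            key, value = line.split("=", 1)
            # Accept both 'key = value' and 'key => value'.
            opts[key.strip().lower()] = value.strip().lstrip(">").strip().lower()
    return opts

def is_on(opts, key):
    # Assumption: an option that is not set is treated as disabled.
    return opts.get(key, "no") in TRUTHY

def ami_over_http_exposed(http_conf, manager_conf):
    """Return (exposed, per-condition results) for the advisory's three conditions."""
    http = general_options(http_conf)
    mgr = general_options(manager_conf)
    conditions = {
        "http.conf enabled": is_on(http, "enabled"),            # HTTP web server
        "manager.conf enabled": is_on(mgr, "enabled"),          # AMI
        "manager.conf webenabled": is_on(mgr, "webenabled"),    # AMI via HTTP
    }
    return all(conditions.values()), conditions

if __name__ == "__main__":
    exposed, conditions = ami_over_http_exposed(SAMPLE_HTTP_CONF, SAMPLE_MANAGER_CONF)
    for name, state in conditions.items():
        print(f"{name}: {'on' if state else 'off'}")
    print("All preconditions met; patch or disable AMI over HTTP" if exposed
          else "Preconditions not all met")
```

The parser reads only the file text it is given; settings pulled in through `#include` directives or templates are not followed and need to be checked separately.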


How to mitigate CVE-2026-57195

Install the security update from the vendor's website.
