CVE-2026-9585
Sangoma · Switchvox SMB Edition
A reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8, allowing for unauthorized script execution.
Executive summary
An unauthenticated reflected cross-site scripting vulnerability in Sangoma Switchvox SMB Edition exposes users to potential session theft and unauthorized actions.
Vulnerability
This is a reflected cross-site scripting (XSS) vulnerability (CWE-79) where input is not properly neutralized during web page generation. An unauthenticated attacker can trick a user into executing malicious scripts within their browser session.
Business impact
Reflected XSS can be used to hijack user sessions, capture sensitive data, or perform actions on behalf of the user within the Switchvox interface. With a CVSS score of 8.6, this vulnerability poses a high risk to organizational security, particularly if administrative users are targeted, potentially leading to full control over the PBX system.
Remediation
Immediate Action: Update Sangoma Switchvox SMB Edition to version 8.4.0.2 or later as specified in the vendor release notes.
Proactive Monitoring: Review access logs for suspicious URL patterns containing embedded script tags or anomalous redirect activity.
Compensating Controls: Utilize a Web Application Firewall (WAF) to filter out malicious payloads from incoming HTTP requests and enforce strong Content Security Policy (CSP) headers.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
The update to version 8.4.0.2 should be applied immediately to mitigate the risk of reflected XSS attacks. Administrators should ensure that the patch is verified against the vendor release notes to confirm the vulnerability has been addressed in their specific environment.