By weakness (CWE)

CWE-1390: related vulnerabilities

CVEs classified under CWE-1390. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-44237HIGH 8.1

    FreePBX versions before 17.0.8 contain a flaw in their OAuth2 implementation that allows an attacker to bypass credential verification. If an attacker discovers or guesses a valid client application ID, they can request OAuth2 access tokens without needing the corresponding secret passphrase. This grants them the ability to authenticate and interact with the FreePBX API as if they were a legitimate application, potentially enabling unauthorized access to voice, data, and configuration controls.