Rapid7 Cybersecurity Blog

CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED) (opens in new tab)

Covers Metasploit – Penetration Testing FrameworkCovered by 6 sources See all sources covering this story including SecurityWeek, The Hacker News

OverviewRapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can leverage CVE-2026-0826 to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability is present in the device's parsing of Session Description Protocol (SDP) attribute...

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 7 articles

SecurityWeek·

Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches

Feeds
The Hacker News·

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Feeds
Security Affairs·

INTERNATIONAL EDITION

Feeds
View all 7 ›

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help