Multiple remote denial‑of‑service vulnerabilities have been discovered in the Asterisk communication platform, according to a CERT‑FR advisory issued on 6 May 2026. The flaws enable an attacker to interrupt service from outside the system. Affected releases include Asterisk 20.18.x through 20.18.99, 21.12.x prior to 21.12.2, 22.8.x prior to 22.9.0, 23.2.x prior to 23.3.0, and certified‑Asterisk 20.x before 20.7‑cert10 and 22.x before 22.8‑cert2. The advisory cites four CVE numbers (CVE‑2026‑25994, CVE‑2026‑28799, CVE‑2026‑32942, CVE‑2026‑33069) and links to the vendor’s security bulletins. Operators should review the bulletins and apply available patches promptly. Security bulletins can be accessed through the Asterisk GitHub security advisories page, and the CVE references offer further technical information.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.