CVE-2026-0710 HIGH

CVE-2026-0710: Sipp/sipp: sipp: denial of service and potential arbitrary code execution vulnerability

Weakness CWE-476
Published January 23, 2026
Last update January 23, 2026

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability.

Key dates

02Disclosure timeline

January 23, 2026 CVE published
January 23, 2026 Record updated