CVE-2026-0754 HIGH

CVE-2026-0754: SIP Service Providers – Possible Impersonation of Poly Voice Device

Vendor Hp Inc
Product VVX
Weakness CWE-321
Published March 3, 2026
Last update March 3, 2026

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N

What the vulnerability does

01Description

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.

Key dates

02Disclosure timeline

March 3, 2026 CVE published
March 3, 2026 Record updated