CVE-2026-25554 | OpenSIPS up to 3.6.3 JWT authorize.c jwt_db_authorize sql injection

Inserito da Angelo Barbosa | Feb 25, 2026 | CVE

A vulnerability labeled as critical has been found in OpenSIPS up to 3.6.3. The affected element is the function jwt_db_authorize of the file modules/auth_jwt/authorize.c of the component JWT Handler. The manipulation results in sql injection.

This vulnerability is identified as CVE-2026-25554. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2026-25554 | OpenSIPS up to 3.6.3 JWT authorize.c jwt_db_authorize sql injection

Post correlati

CVE-2024-30249 | CloudburstMC Network prior 1.0.0.CR1-20240330.101522-15 UDP allocation of resources (GHSA-6h3m-c6fv-8hvh)

CVE-2024-11493 | 115cms up to 20240807 pageAE.html tid cross site scripting

CVE-2024-36485 | Zoho ManageEngine ADAudit Plus up to 8121 Technician Reports Option sql injection

CVE-2024-42564 | ERP 44bd04 delete id sql injection