3 matches found
CVE-2026-25554
OpenSIPS 3.1 (up to 3.6.4) with the auth_jwt module is affected by a SQL injection in jwt_db_authorize() when db_mode is enabled and a SQL backend is used. The function extracts the tag claim from a JWT without signature verification and directly inserts the unescaped value into a SQL query, enab...
Linux Distros Unpatched Vulnerability : CVE-2023-27601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received a...
PT-2023-21237 · Opensips · Opensis
Name of the Vulnerable Software and Affected Versions: OpenSIPS versions prior to 3.1.8 and 3.2.5. Description: OpenSIPS is a Session Initiation Protocol (SIP) server implementation. When a specially crafted SIP message is processed by the function rewrite_ruri, a crash occurs due to a segmentation...