CVE-2026-46515
CVE-2026-46515 (Frogman) affects Frogman’s headless PBX control via MCP and HTTP API. Before version 1.6.3, a PERM_READ privilege was sufficient to call multiple endpoints (fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query...