CVE-2026-0710
Published: 23 January 2026
Summary
CVE-2026-0710 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 12.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Deeper analysis
CVE-2026-0710 is a NULL pointer dereference vulnerability (CWE-476) discovered in SIPp, an open-source test tool and traffic generator for the Session Initiation Protocol (SIP). The flaw affects the SIPp application when processing incoming SIP messages, potentially leading to instability during call handling.
A remote attacker can exploit this vulnerability by sending specially crafted SIP messages during an active call. This triggers the NULL pointer dereference, causing the SIPp application to crash and resulting in a denial of service. Under specific conditions, the issue may also enable execution of unauthorized code, compromising the system's integrity and availability. The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat has published a security advisory detailing the issue at https://access.redhat.com/security/cve/CVE-2026-0710, along with a related Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2427788, which provide information on affected versions, patches, and mitigation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4491
Vulnerability details
A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions, it may also allow an attacker to execute unauthorized code, compromising the system's integrity and availability.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The NULL pointer dereference in SIPp lets a remote, crafted SIP message trigger a denial-of-service crash or potential code execution in the vulnerable process.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely flaw remediation, directly addressing the NULL pointer dereference in SIPp by applying patches from the Red Hat advisory.
SI-10 mandates validation of incoming information, preventing specially crafted SIP messages from triggering the NULL pointer dereference.
SI-11 ensures robust error handling to avoid crashes or exploitation from NULL pointer dereferences during SIP message processing.