CVE-2026-0794
Published: 23 January 2026
Summary
CVE-2026-0794 is a critical-severity Use After Free (CWE-416) vulnerability in Algosolutions 8180 Ip Audio Alerter Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires identification, reporting, and timely remediation of flaws like this use-after-free vulnerability in SIP handling via vendor patches.
Implements controls to minimize the impact and exploitation of memory-related flaws such as use-after-free during object operations.
Monitors and controls network communications to restrict unauthenticated inbound SIP traffic to the vulnerable ALGO 8180 devices.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows unauthenticated remote code execution via crafted SIP calls to a public-facing network device, directly mapping to exploitation of public-facing applications.
NVD Description
ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific…
more
flaw exists within the handling of SIP calls. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28303.
Deeper analysisAI
CVE-2026-0794 is a Use-After-Free (CWE-416) vulnerability affecting ALGO 8180 IP Audio Alerter devices. The flaw resides in the handling of SIP calls, where the software fails to validate the existence of an object before performing operations on it, potentially leading to a use-after-free condition and remote code execution. Published on 2026-01-23, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with no authentication required for exploitation.
Remote attackers can exploit this vulnerability over the network by sending specially crafted SIP calls to affected devices, bypassing any authentication mechanisms. Successful exploitation allows arbitrary code execution in the context of the device, potentially granting full control over the IP Audio Alerter, including its audio alerting functions and network interfaces.
The Zero Day Initiative advisory (ZDI-26-016, originally ZDI-CAN-28303) provides further details at https://www.zerodayinitiative.com/advisories/ZDI-26-016/. Security practitioners should consult this reference for recommended mitigations, such as applying vendor patches if available or implementing network segmentation to restrict SIP traffic to trusted sources.
Details
- CWE(s)