Cyber Resilience

CVE-2026-0794

Critical

Published: 23 January 2026

Published
23 January 2026
Modified
18 February 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0063 45.5th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-0794 is a critical-severity Use After Free (CWE-416) vulnerability in Algosolutions 8180 Ip Audio Alerter Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-0794 is a Use-After-Free (CWE-416) vulnerability affecting ALGO 8180 IP Audio Alerter devices. The flaw resides in the handling of SIP calls, where the software fails to validate the existence of an object before performing operations on it, potentially leading to a use-after-free condition and remote code execution. Published on 2026-01-23, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with no authentication required for exploitation.

Remote attackers can exploit this vulnerability over the network by sending specially crafted SIP calls to affected devices, bypassing any authentication mechanisms. Successful exploitation allows arbitrary code execution in the context of the device, potentially granting full control over the IP Audio Alerter, including its audio alerting functions and network interfaces.

The Zero Day Initiative advisory (ZDI-26-016, originally ZDI-CAN-28303) provides further details at https://www.zerodayinitiative.com/advisories/ZDI-26-016/. Security practitioners should consult this reference for recommended mitigations, such as applying vendor patches if available or implementing network segmentation to restrict SIP traffic to trusted sources.

EU & UK References

Vulnerability details

ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific…

more

flaw exists within the handling of SIP calls. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28303.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows unauthenticated remote code execution via crafted SIP calls to a public-facing network device, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-0791Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0792Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0793Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0781Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0790Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0796Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0779Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0787Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0784Same product: Algosolutions 8180 Ip Audio Alerter
CVE-2026-0795Same product: Algosolutions 8180 Ip Audio Alerter

Affected Assets

algosolutions
8180 ip audio alerter firmware
5.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and timely remediation of flaws like this use-after-free vulnerability in SIP handling via vendor patches.

prevent

Implements controls to minimize the impact and exploitation of memory-related flaws such as use-after-free during object operations.

prevent

Monitors and controls network communications to restrict unauthenticated inbound SIP traffic to the vulnerable ALGO 8180 devices.

References