Cyber Posture

CVE-2026-32942

Severity: High

Published: 20 March 2026
Modified: 23 March 2026
KEV Added: not listed
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (17.7th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-32942 is a high-severity Use After Free (CWE-416) vulnerability in Pjsip Pjsip. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2 Flaw Remediation): Requires timely patching of the specific heap use-after-free vulnerability in PJSIP versions 2.16 and below, as fixed in version 2.17.

prevent (SI-16 Memory Protection): Provides memory protections such as non-executable memory and ASLR to block exploitation of the heap use-after-free that could otherwise lead to code execution, data disclosure, or data modification.

detect: Enables identification of systems running vulnerable PJSIP library versions through vulnerability scanning, supporting remediation efforts.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated network exploitation of PJSIP (public-facing SIP/ICE service) directly maps to initial access via public-facing application; high-impact memory corruption enables RCE/DoS in the service context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17.

Deeper analysis

CVE-2026-32942 is a heap use-after-free vulnerability (CWE-416) in the ICE session of PJSIP, a free and open-source multimedia communication library written in C. The issue affects versions 2.16 and below, arising from race conditions between session destruction and callbacks. Published on 2026-03-20, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Unauthenticated remote attackers can exploit this vulnerability over the network without user interaction, though the attack complexity is rated high. Successful exploitation has high impact on confidentiality, integrity and availability: unauthorized disclosure of sensitive information, modification of data, and denial of service.

The vulnerability is addressed in PJSIP version 2.17. Mitigation details are available in the fix commit at https://github.com/pjsip/pjproject/commit/c9caceddabda7f18337b2a82d25d65f6224b450a, the issue discussion at https://github.com/pjsip/pjproject/issues/1451, and the GitHub security advisory at https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7.

Details

CWE(s)

CWE-416 Use After Free

Affected Products

pjsip / pjsip: ≤ 2.17

CVEs Like This One

CVE-2026-28799 (same product: Pjsip Pjsip)
CVE-2026-25994 (same product: Pjsip Pjsip)
CVE-2026-40892 (same product: Pjsip Pjsip)
CVE-2026-32945 (same product: Pjsip Pjsip)
CVE-2026-33069 (same product: Pjsip Pjsip)
CVE-2026-29068 (same product: Pjsip Pjsip)
CVE-2026-40614 (same product: Pjsip Pjsip)
CVE-2025-70968 (shared CWE-416)
CVE-2025-63651 (shared CWE-416)
CVE-2026-0794 (shared CWE-416)
