CVE-2026-40892
Published: 21 April 2026
Summary
CVE-2026-40892 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in PJSIP. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 19.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Requires timely identification, reporting, and correction of software flaws like the stack buffer overflow in PJSIP's pjsip_auth_create_digest2(), directly mitigating exploitation via patching.
- SI-16 (Memory Protection): Implements memory protection mechanisms such as stack canaries, ASLR, and non-executable stacks that prevent or detect exploitation of the fixed-size ha1 buffer overflow.
- SI-10 (Information Input Validation): Mandates validation of input lengths like cred_info->data.slen against buffer limits, directly addressing the lack of upper-bound checks causing the overflow.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated stack buffer overflow in PJSIP library enabling arbitrary code execution on network-exposed deployments directly maps to exploitation of public-facing applications.
NVD Description
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length.
Deeper analysis
CVE-2026-40892, published on 2026-04-21, is a stack buffer overflow vulnerability (CWE-121) in PJSIP, a free and open source multimedia communication library written in C. The issue affects versions 2.16 and earlier, specifically in the pjsip_auth_create_digest2() function when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size 128-byte ha1 stack buffer if data.slen exceeds the expected digest string length. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Attackers can exploit this vulnerability remotely over the network with low attack complexity and without authentication, privileges, or user interaction. Successful exploitation has high confidentiality, integrity, and availability impact, such as arbitrary code execution or system crashes on affected PJSIP deployments.
The PJSIP project has addressed the vulnerability with a patch in commit c82123ea6f3c3652bbc9ebd5e9e658c301451687, available at https://github.com/pjsip/pjproject/commit/c82123ea6f3c3652bbc9ebd5e9e658c301451687. Further details on the issue, affected versions, and mitigation steps are outlined in the GitHub Security Advisory GHSA-2wcg-w3c4-48r7 at https://github.com/pjsip/pjproject/security/advisories/GHSA-2wcg-w3c4-48r7.
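The missing upper-bound check described above, sketched as an added example (not PJSIP's source and not the code in the fix commit). The names counted_str, load_precomputed_ha1 and expected_len are hypothetical, and the digest lengths named in the comments are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HA1_BUF_LEN 128   /* ha1 stack buffer size stated in the advisory */

/* Hypothetical stand-in for a pointer-plus-length string such as data.slen. */
typedef struct {
    const char *ptr;
    long        slen;     /* signed, so negative values must be rejected too */
} counted_str;

/*
 * Copy a pre-computed digest through a fixed-size stack buffer to the caller.
 * Returns the digest length on success, -1 if the input is rejected.
 * expected_len is the hex length for the algorithm in use (assumption:
 * 32 for MD5, 64 for SHA-256).
 */
int load_precomputed_ha1(const counted_str *data, size_t expected_len,
                         char *out, size_t out_cap)
{
    char ha1[HA1_BUF_LEN];
    size_t i;

    if (data == NULL || data->ptr == NULL || out == NULL)
        return -1;
    /* Upper bound first: never trust slen beyond the destination size. */
    if (data->slen <= 0 || (size_t)data->slen > sizeof(ha1))
        return -1;
    /* Semantic check: a digest string has exactly one valid length. */
    if ((size_t)data->slen != expected_len || expected_len >= out_cap)
        return -1;
    /* Content check: digest strings are hexadecimal only. */
    for (i = 0; i < expected_len; i++) {
        if (!isxdigit((unsigned char)data->ptr[i]))
            return -1;
    }

    /* The flawed pattern is this same copy without the checks above. */
    memcpy(ha1, data->ptr, expected_len);
    memcpy(out, ha1, expected_len);
    out[expected_len] = '\0';
    return (int)expected_len;
}
```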