A critical vulnerability in FreePBX’s userman module is putting thousands of business phone systems at risk by allowing unauthenticated attackers to gain unauthorized access to the User Control Panel (UCP) via hard-coded default credentials. Tracked as CVE-2026-46376, the flaw carries a CVSS v4.0 base score of 9.1 (Critical) and affects the widely deployed FreePBX 16 and 17 platforms. The flaw, […]
The post FreePBX Flaw Exposes User Portals to Unauthorized Access appeared first on Cyber Security News.