8.7
PJSIP: A security risk in event subscription handling before version 2.17
CVE-2026-28799
Summary
PJSIP, a multimedia communication library, has a heap use-after-free vulnerability in its event subscription framework (evsub.c). It is triggered during presence unsubscription (SUBSCRIBE with Expires=0). Update to version 2.17 or later to fix this issue.
What to do
Update PJSIP to version 2.17 or later, which patches this issue. If PJSIP is bundled in a product you use, check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| pjsip | pjsip | <= 2.17 | – |
Original title
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) th...
Original description
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.
nvd CVSS4.0
8.7
Vulnerability type
CWE-416
Use After Free
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026