CVE-2026-25994

CRITICAL

PJSIP <2.16 - Buffer Overflow

Title source: llm

Description

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.

Exploits (1)

nomisec WORKING POC 1 stars

by VABISMO · poc

https://github.com/VABISMO/cve-2026-25994_PJSIP

View Code ZIP pw:eip

References (2)

[Patch] https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp

Scores

CVSS v3 9.8

EPSS 0.0002

EPSS Percentile 6.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

pjsip/pjsip < 2.16

Published Feb 11, 2026

Tracked Since Feb 18, 2026