CVE-2026-4390

MEDIUM

TeamSpeak 3 Server Connection State Management process_resend_queue use after free

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-4390. PoCs published by born0monday.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2026-4390, a Denial-of-Service vulnerability in TeamSpeak 3.13.7. The PoC implements a UDP-based attack that manipulates the TeamSpeak protocol handshake to trigger a crash.

Description

A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded.

Exploits (1)

nomisec WORKING POC
by born0monday · poc
https://github.com/born0monday/teamspeak3-vulnerabilities

This repository contains functional exploit code for CVE-2026-4390, a Denial-of-Service vulnerability in TeamSpeak 3.13.7. The PoC implements a UDP-based attack that manipulates the TeamSpeak protocol handshake to trigger a crash.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: TeamSpeak 3.13.7
No auth needed
Prerequisites: network access to TeamSpeak server · UDP port 9987 accessible
devstral-2 · analyzed Jun 03, 2026 Full analysis →

References (5)

Core 5
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-366314 | TeamSpeak 3 Server Connection State Management process_resend_queue use after free
https://vuldb.com/vuln/366314
Signature, Permissions Required signature permissions-required
VDB-366314 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/366314/cti

Scores

CVSS v3 5.4
EPSS 0.0004
EPSS Percentile 14.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-119 CWE-416
Status published
Products (9)
None/TeamSpeak 3 Server 3.13.0
None/TeamSpeak 3 Server 3.13.1
None/TeamSpeak 3 Server 3.13.2
None/TeamSpeak 3 Server 3.13.3
None/TeamSpeak 3 Server 3.13.4
None/TeamSpeak 3 Server 3.13.5
None/TeamSpeak 3 Server 3.13.6
None/TeamSpeak 3 Server 3.13.7
None/TeamSpeak 3 Server 3.13.8
Published May 27, 2026
Tracked Since May 27, 2026