CVE-2026-4391

MEDIUM

TeamSpeak 3 Server ECC Key heap-based overflow

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-4391. PoCs published by born0monday.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2026-4391, a pre-authentication denial-of-service vulnerability in TeamSpeak 3.13.7. The PoC implements a UDP-based attack that crashes the server during the handshake process by sending a crafted ECC public key.

Description

A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability affects unknown code of the component ECC Key Parser. Such manipulation leads to heap-based buffer overflow. The attack may be launched remotely. Upgrading to version 3.13.8 is able to resolve this issue. It is suggested to upgrade the affected component.

Exploits (1)

github WORKING POC
by born0monday · rustpoc
https://github.com/born0monday/teamspeak3-vulnerabilities

This repository contains functional exploit code for CVE-2026-4391, a pre-authentication denial-of-service vulnerability in TeamSpeak 3.13.7. The PoC implements a UDP-based attack that crashes the server during the handshake process by sending a crafted ECC public key.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: TeamSpeak 3.13.7
No auth needed
Prerequisites: network access to TeamSpeak server
devstral-2 · analyzed Jun 03, 2026 Full analysis →

References (5)

Core 5
Core References
Vdb Entry vdb-entry
VDB-366315 | TeamSpeak 3 Server ECC Key heap-based overflow
https://vuldb.com/vuln/366315
Signature, Permissions Required signature permissions-required
VDB-366315 | CTI Indicators (IOB, IOC)
https://vuldb.com/vuln/366315/cti

Scores

CVSS v3 5.3
EPSS 0.0006
EPSS Percentile 17.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-119 CWE-122
Status published
Products (9)
None/TeamSpeak 3 Server 3.13.0
None/TeamSpeak 3 Server 3.13.1
None/TeamSpeak 3 Server 3.13.2
None/TeamSpeak 3 Server 3.13.3
None/TeamSpeak 3 Server 3.13.4
None/TeamSpeak 3 Server 3.13.5
None/TeamSpeak 3 Server 3.13.6
None/TeamSpeak 3 Server 3.13.7
None/TeamSpeak 3 Server 3.13.8
Published May 27, 2026
Tracked Since May 27, 2026