PatchSiren cyber security CVE debrief
CVE-2026-15377 Eleveo CVE debrief
CVE-2026-15377 is an improper authorization vulnerability in Eleveo Call Recording Software 9.7.0, affecting an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization, allowing remote initiation of the attack. The exploit has been publicly disclosed and may be utilized. Organizations using Eleveo Call Recording Software 9.7.0 should assess their exposure and apply necessary patches or mitigations. The vulnerability has a CVSS score of 2.1 and a severity of LOW.
- Vendor
- Eleveo
- Product
- Call Recording Software
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Organizations using Eleveo Call Recording Software 9.7.0 should assess their exposure and apply necessary patches or mitigations. Security teams and vulnerability management teams should review the vulnerability and its potential impact on their systems.
Technical summary
CVE-2026-15377 is an improper authorization vulnerability in Eleveo Call Recording Software 9.7.0. The vulnerability affects an unknown functionality of the file /callrec/sendlogfile, allowing for improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Defensive priority
Low
Recommended defensive actions
- Inventory and assess Eleveo Call Recording Software 9.7.0 installations
- Apply patches or mitigations provided by the vendor
- Monitor for suspicious activity related to /callrec/sendlogfile
- Implement compensating controls for authorization
- Review and verify the vendor's guidance
- Track exceptions and retest remediated assets
- Close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-10T17:16:54.430Z and was last modified on 2026-07-10T17:56:00.910Z. The NVD entry is currently Deferred. The vulnerability affects an unknown functionality of the file /callrec/sendlogfile in Eleveo Call Recording Software 9.7.0, allowing for improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Organizations should verify their exposure and review the vendor's guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T17:16:54.430Z and has not been modified since then. The NVD entry is currently Deferred.