PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15377 Eleveo CVE debrief

CVE-2026-15377 is an improper authorization vulnerability in Eleveo Call Recording Software 9.7.0, affecting an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization, allowing remote initiation of the attack. The exploit has been publicly disclosed and may be utilized. Organizations using Eleveo Call Recording Software 9.7.0 should assess their exposure and apply necessary patches or mitigations. The vulnerability has a CVSS score of 2.1 and a severity of LOW.

Vendor
Eleveo
Product
Call Recording Software
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Organizations using Eleveo Call Recording Software 9.7.0 should assess their exposure and apply necessary patches or mitigations. Security teams and vulnerability management teams should review the vulnerability and its potential impact on their systems.

Technical summary

CVE-2026-15377 is an improper authorization vulnerability in Eleveo Call Recording Software 9.7.0. The vulnerability affects an unknown functionality of the file /callrec/sendlogfile, allowing for improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Defensive priority

Low

Recommended defensive actions

  • Inventory and assess Eleveo Call Recording Software 9.7.0 installations
  • Apply patches or mitigations provided by the vendor
  • Monitor for suspicious activity related to /callrec/sendlogfile
  • Implement compensating controls for authorization
  • Review and verify the vendor's guidance
  • Track exceptions and retest remediated assets
  • Close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-10T17:16:54.430Z and was last modified on 2026-07-10T17:56:00.910Z. The NVD entry is currently Deferred. The vulnerability affects an unknown functionality of the file /callrec/sendlogfile in Eleveo Call Recording Software 9.7.0, allowing for improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Organizations should verify their exposure and review the vendor's guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T17:16:54.430Z and has not been modified since then. The NVD entry is currently Deferred.