PatchSiren cyber security CVE debrief
CVE-2026-46514 mwtcmi CVE debrief
CVE-2026-46514: Frogman Plaintext Credential Exposure. The Frogman headless PBX control system, prior to version 1.6.2, had two key issues. Firstly, the 'fm_reset_password' function in Tools/ResetPassword.php returned plaintext passwords. Secondly, the 'fm_add_extension' function in Tools/AddExtension.php returned plaintext secrets. These issues were compounded by the fact that the audit logs, specifically in Frogman.class.php, JSON-encoded these responses and stored them in oc_audit_log.detail. This allowed any caller with PERM_READ access to fm_audit_search to recover the stored credentials. The issue has been addressed in version 1.6.2.
- Vendor
- mwtcmi
- Product
- frogman
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Administrators and users of the Frogman headless PBX control system should be aware of this vulnerability, especially if they have not upgraded to version 1.6.2 or later. The exposure of plaintext credentials could lead to unauthorized access and potential security breaches.
Technical summary
The vulnerability in Frogman, a headless PBX control system, involves two primary issues: 1) The 'fm_reset_password' function in Tools/ResetPassword.php and 'fm_add_extension' function in Tools/AddExtension.php returned plaintext sensitive information. 2) The system stored these plaintext responses in audit logs (oc_audit_log.detail) without adequate protection. This allowed users with PERM_READ access to fm_audit_search to retrieve these credentials. The vulnerability was fixed in version 1.6.2.
Defensive priority
High
Recommended defensive actions
- Upgrade Frogman to version 1.6.2 or later immediately.
- Review and limit access to fm_audit_search to only necessary personnel.
- Monitor audit logs for any suspicious access patterns.
- Consider implementing additional security measures such as encryption for sensitive data.
- Perform a thorough review of the system to identify any potential exposure.
- Verify that all necessary security patches are applied and up-to-date.
- Continuously monitor the system for any signs of unauthorized access or malicious activity.
Evidence notes
The CVE record was published on 2026-07-16T19:16:46.767Z and has not been modified since then. The NVD entry is currently 6.5 MEDIUM. Limited details are available about the affected scope and vendor remediation beyond version 1.6.2.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T19:16:46.767Z and has not been modified since then.