PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46514 mwtcmi CVE debrief

CVE-2026-46514: Frogman Plaintext Credential Exposure. The Frogman headless PBX control system, prior to version 1.6.2, had two key issues. Firstly, the 'fm_reset_password' function in Tools/ResetPassword.php returned plaintext passwords. Secondly, the 'fm_add_extension' function in Tools/AddExtension.php returned plaintext secrets. These issues were compounded by the fact that the audit logs, specifically in Frogman.class.php, JSON-encoded these responses and stored them in oc_audit_log.detail. This allowed any caller with PERM_READ access to fm_audit_search to recover the stored credentials. The issue has been addressed in version 1.6.2.

Vendor
mwtcmi
Product
frogman
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

Administrators and users of the Frogman headless PBX control system should be aware of this vulnerability, especially if they have not upgraded to version 1.6.2 or later. The exposure of plaintext credentials could lead to unauthorized access and potential security breaches.

Technical summary

The vulnerability in Frogman, a headless PBX control system, involves two primary issues: 1) The 'fm_reset_password' function in Tools/ResetPassword.php and 'fm_add_extension' function in Tools/AddExtension.php returned plaintext sensitive information. 2) The system stored these plaintext responses in audit logs (oc_audit_log.detail) without adequate protection. This allowed users with PERM_READ access to fm_audit_search to retrieve these credentials. The vulnerability was fixed in version 1.6.2.

Defensive priority

High

Recommended defensive actions

  • Upgrade Frogman to version 1.6.2 or later immediately.
  • Review and limit access to fm_audit_search to only necessary personnel.
  • Monitor audit logs for any suspicious access patterns.
  • Consider implementing additional security measures such as encryption for sensitive data.
  • Perform a thorough review of the system to identify any potential exposure.
  • Verify that all necessary security patches are applied and up-to-date.
  • Continuously monitor the system for any signs of unauthorized access or malicious activity.

Evidence notes

The CVE record was published on 2026-07-16T19:16:46.767Z and has not been modified since then. The NVD entry is currently 6.5 MEDIUM. Limited details are available about the affected scope and vendor remediation beyond version 1.6.2.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T19:16:46.767Z and has not been modified since then.