PatchSiren cyber security CVE debrief
CVE-2026-46515 mwtcmi CVE debrief
CVE-2026-46515 is a critical security vulnerability in Frogman, a headless PBX control system. Prior to version 1.6.3, the system did not properly restrict access to certain functions, allowing users with PERM_READ access to call sensitive functions and expose sensitive information, including AMI manager secrets, outbound dial PINs, full Asterisk dialplan context, root SSH connection commands, backup artifact paths, CDR history, arbitrary saved GraphQL query execution, and raw AMI endpoint dumps containing SIP fields such as password, md5_cred, and oauth_secret. This vulnerability has a high impact on the confidentiality, integrity, and availability of the system.
- Vendor
- mwtcmi
- Product
- frogman
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Administrators and users of Frogman headless PBX control system should be aware of this vulnerability and take immediate action to upgrade to version 1.6.3 or later. Affected operators, platform administrators, vulnerability management teams, and security teams should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability exists in the Frogman system, which provides headless PBX control through MCP and HTTP API. Prior to version 1.6.3, the system did not properly restrict access to certain functions, allowing users with PERM_READ access to call sensitive functions and expose sensitive information, including AMI manager secrets, outbound dial PINs, full Asterisk dialplan context, root SSH connection commands, backup artifact paths, CDR history, arbitrary saved GraphQL query execution, and raw AMI endpoint dumps containing SIP fields such as password, md5_cred, and oauth_secret.
Defensive priority
High
Recommended defensive actions
- Upgrade to Frogman version 1.6.3 or later
- Restrict access to sensitive functions and data
- Monitor system logs for suspicious activity
- Implement additional security measures to protect against unauthorized access
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The vulnerability was reported by an unknown source and fixed in version 1.6.3. The CVE record was published on 2026-07-16T19:16:46.907Z and has not been modified since then. Evidence is limited, and defenders should verify the affected scope and vendor guidance. The Frogman system provides headless PBX control through MCP and HTTP API, and prior to version 1.6.3, it did not properly restrict access to certain functions.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T19:16:46.907Z and has not been modified since then.