HIGH
OpenSIPS
CVE published 2026-02-25
CVE-2026-25554
CVE-2026-25554 is a SQL injection vulnerability in OpenSIPS versions 3.1 before 3.6.4. The auth_jwt module is affected when db_mode is enabled and a SQL database backend is used. The vulnerability allows an attacker to manipulate the query result and bypass JWT authentication, enabling impersonation of arbitrary identities. This could lead to unauthorized access and potential data breaches. OpenSIPS users [truncated]