CVE-2026-0754
CVE-2026-0754 is a high-severity vulnerability with a CVSS 4.0 base score of 8.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-321.
Key facts
- Severity: High (CVSS 4.0 base score 8.2)
- EPSS exploit prediction: 0% (1st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-9270
- Weakness: CWE-321
- Published:
- Last modified:
Description
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.
Frequently asked questions
- What is CVE-2026-0754?
- An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate.
- How severe is CVE-2026-0754?
- CVE-2026-0754 has a CVSS 4.0 base score of 8.2, rated high severity.
- Is CVE-2026-0754 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (1st percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-0754?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2026-0754 have an EU (EUVD) identifier?
- Yes. CVE-2026-0754 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-9270.
- When was CVE-2026-0754 published?
- CVE-2026-0754 was published on 2026-03-03 and last updated on 2026-06-17.
References
Other CWE-321 vulnerabilities
- CVE-2024-30207 — Critical (CVSS 10.0): A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC…
- CVE-2014-5419 — Critical (CVSS 10.0): GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000,…
- CVE-2024-35344 — Critical (CVSS 9.9): Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects…
- CVE-2026-28742 — Critical (CVSS 9.8): Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every…
- CVE-2026-32644 — Critical (CVSS 9.8): Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
- CVE-2025-67112 — Critical (CVSS 9.8): Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W…