Description

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via verify_server = PJ_TRUE or verify_client = PJ_TRUE. This issue has been patched in version 2.17.

INFO

Published Date :

2026-05-07T18:47:26.563Z

Last Modified :

2026-05-08T14:18:36.257Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-42225 vulnerability.

Vendors Products
Pjsip
  • Pjproject
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-42225.

URL Resource
https://github.com/pjsip/pjproject/commit/ef684252bb62b0716675b6e99ad7fe4c90e28920 cve-icon cve-icon
https://github.com/pjsip/pjproject/releases/tag/2.17 cve-icon cve-icon
https://github.com/pjsip/pjproject/security/advisories/GHSA-x2fv-6j6c-pxmx cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability