CVE-2026-28284: FreePBX is an open source IP PBX. Prior to versions 16.0.10

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.

• EPSS 0.0% (12.9% percentile)
• CVSS 8.6 high

Related briefings

• FreePBX Patches SQL Injection and Command Injection Trio: CVE-2026-28210, CVE-2026-28284, CVE-2026-28287 2026-03-05

Browse the CVE database

Read the full analysis on IntelFusions