Darkreading
Critical CVE-2026-2329 Vulnerability in Grandstream VoIP Phones
First seen 18 Feb 2026, 22:20 UTC
•



+10
•82% similarity
•51.6
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A critical vulnerability, CVE-2026-2329, has been identified in the Grandstream GXP1600 series VoIP phones, allowing unauthenticated remote code execution with root privileges. This flaw affects small and midsized businesses, hotels, and call centers, enabling attackers to intercept calls and commit toll fraud. A firmware update is available to remediate the issue.
ThreatCluster AI
Timeline
2026-02-18
CVE-2026-2329 published
2026-02-18
Rapid7 Labs discovers the vulnerability
2026-02-18
Vendor releases firmware update to remediate CVE-2026-2329