CVE-2026-4390

Summary

A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded.

Affected Software

VendorProductVersion RangeStatus
n/aTeamSpeak 3 Server3.13.0affected
n/aTeamSpeak 3 Server3.13.1affected
n/aTeamSpeak 3 Server3.13.2affected
n/aTeamSpeak 3 Server3.13.3affected
n/aTeamSpeak 3 Server3.13.4affected
n/aTeamSpeak 3 Server3.13.5affected
n/aTeamSpeak 3 Server3.13.6affected
n/aTeamSpeak 3 Server3.13.7affected
n/aTeamSpeak 3 Server3.13.8unaffected

Weaknesses

  • CWE-416: Use After Free
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References