CVE-2026-5922

Summary

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage.

Affected Software

VendorProductVersion RangeStatus
HP Inc.Poly CCX0 < 9.5.0affected
HP Inc.Poly Edge E0 < 8.6.0affected
HP Inc.Poly Trio C600 < 9.5.0affected

Weaknesses

  • CWE-79: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

References