{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4390", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-18T15:05:50.926Z", "datePublished": "2026-05-27T16:30:08.778Z", "dateUpdated": "2026-05-27T17:58:41.828Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-27T16:30:08.778Z"}, "title": "TeamSpeak 3 Server Connection State Management process_resend_queue use after free", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "Use After Free"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "TeamSpeak 3 Server", "versions": [{"version": "3.13.0", "status": "affected"}, {"version": "3.13.1", "status": "affected"}, {"version": "3.13.2", "status": "affected"}, {"version": "3.13.3", "status": "affected"}, {"version": "3.13.4", "status": "affected"}, {"version": "3.13.5", "status": "affected"}, {"version": "3.13.6", "status": "affected"}, {"version": "3.13.7", "status": "affected"}, {"version": "3.13.8", "status": "unaffected"}], "cpes": ["cpe:2.3:a:teamspeak_3_server:teamspeak_3_server:*:*:*:*:*:*:*:*"], "modules": ["Connection State Management"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-05-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-05-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-27T18:27:20.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Michael Imfeld (modzero)", "type": "finder"}], "references": [{"url": "https://vuldb.com/vuln/366314", "name": "VDB-366314 | TeamSpeak 3 Server Connection State Management process_resend_queue use after free", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/366314/cti", "name": "VDB-366314 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://modzero.com/en/advisories/mz-26-01-teamspeak/", "tags": ["related"]}, {"url": "https://files.teamspeak-services.com/docs/security/TS-SA-2026-001.html", "tags": ["related"]}, {"url": "https://www.teamspeak.com/en/downloads/#server", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-27T17:58:20.001608Z", "id": "CVE-2026-4390", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T17:58:41.828Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4390", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-27T17:58:20.001608Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T17:58:25.831Z"}}], "cna": {"title": "TeamSpeak 3 Server Connection State Management process_resend_queue use after free", "credits": [{"lang": "en", "type": "finder", "value": "Michael Imfeld (modzero)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:teamspeak_3_server:teamspeak_3_server:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["Connection State Management"], "product": "TeamSpeak 3 Server", "versions": [{"status": "affected", "version": "3.13.0"}, {"status": "affected", "version": "3.13.1"}, {"status": "affected", "version": "3.13.2"}, {"status": "affected", "version": "3.13.3"}, {"status": "affected", "version": "3.13.4"}, {"status": "affected", "version": "3.13.5"}, {"status": "affected", "version": "3.13.6"}, {"status": "affected", "version": "3.13.7"}, {"status": "unaffected", "version": "3.13.8"}]}], "timeline": [{"lang": "en", "time": "2026-05-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-05-27T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-27T18:27:20.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/366314", "name": "VDB-366314 | TeamSpeak 3 Server Connection State Management process_resend_queue use after free", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/366314/cti", "name": "VDB-366314 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://modzero.com/en/advisories/mz-26-01-teamspeak/", "tags": ["related"]}, {"url": "https://files.teamspeak-services.com/docs/security/TS-SA-2026-001.html", "tags": ["related"]}, {"url": "https://www.teamspeak.com/en/downloads/#server", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "Use After Free"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-27T16:30:08.778Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4390", "state": "PUBLISHED", "dateUpdated": "2026-05-27T17:58:41.828Z", "dateReserved": "2026-03-18T15:05:50.926Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-05-27T16:30:08.778Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded."}], "id": "CVE-2026-4390", "lastModified": "2026-05-27T19:49:48.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-05-27T18:16:28.420", "references": [{"source": "cna@vuldb.com", "url": "https://files.teamspeak-services.com/docs/security/TS-SA-2026-001.html"}, {"source": "cna@vuldb.com", "url": "https://modzero.com/en/advisories/mz-26-01-teamspeak/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/366314"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/366314/cti"}, {"source": "cna@vuldb.com", "url": "https://www.teamspeak.com/en/downloads/#server"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-416"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"created": "2026-05-27T19:30:35.585530+00:00", "updated": "2026-05-27T19:30:35.585555+00:00", "vendors": []}