Communications
Communication software — email servers and clients, messaging platforms, VoIP and video conferencing — carries sensitive conversations and is a frequent phishing and interception target. This hub tracks CVEs across it.
- Cumulative CVEs: 7,641 across 293 monthly snapshots
- Latest month: 156 (-15.2% MoM · +194.3% YoY)
- Peak month: 214 (Jun 20)
- KEV this month: 0
- 37 vendors affected
[Chart: CVEs per month, newest period on the right.]
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- Mixed: 61%
- On-prem: 39%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to Communications.
- CVE-2026-57954 · Elide 7.1.17 - Permission Bypass in Sort Expression Validation · 4.3
- CVE-2026-56780 · Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API · 7.5
- CVE-2026-58056 · RustDesk - FileTransfer Session Authorization Scope Bypass · 7.6
- CVE-2026-57632 · WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability · 5.4
- CVE-2026-56038 · WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability · 8.8
- CVE-2026-4339 · SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server · 6.5
- CVE-2026-9699 · Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors · 6.8
- CVE-2026-3472 · Markdown image rendering bypass in AI bot tool result posts in Mattermost · 3.5
- CVE-2026-13426 · Client4 fails to validate path parameters · 5.4
- CVE-2026-2299 · Improper Access Control in Mattermost Google Drive Plugin File Creation Endpoint · 4.2
- CVE-2026-54024 · LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits · 6.5
- CVE-2026-54025 · LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview · 5.4
- CVE-2026-54027 · LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization · 6.5
- CVE-2026-54029 · LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter · 5.3
- CVE-2026-54033 · LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs · 7.7
Weakness fingerprint
Top CWE classes in this sector, latest monthly snapshot.
Top vendors
Most CVEs in this sector, latest monthly snapshot.
| Vendor | CVEs | Crit | KEV |
|---|---|---|---|
| mattermost | 20 | · | · |
| danny-avila | 13 | 1 | · |
| librechat | 12 | 1 | · |
| rocketchat | 12 | 2 | · |
| freeswitch | 9 | 2 | · |
| signalwire | 9 | 2 | · |
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| messaging-chat | 76 | 6 | · | 18 | — | librechat (25) · mattermost (18) · mattermost server (15) |
| email-server-client | 50 | 9 | · | 8 | — | thunderbird (42) · email marketing for woocommerce by omnisend (2) · incydr (1) |
| voip-telephony | 18 | 5 | · | 4 | — | freeswitch (18) · sip-t46u (6) · oracle advanced outbound telephony (3) |
| — | 6 | · | · | 4 | — | workplace (2) · anydesk (1) · celloos (1) |
| video-conferencing | 6 | · | · | 3 | — | avideo (4) · meeting software development kit (1) · poly_trio_8300 (1) |
Sector classification is AI-assisted with human review.