CVE-2026-25554— OpenSIPS SQL注入漏洞

OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT without prior signature verification and incorporates the unescaped value directly into a SQL query. An attacker can supply a crafted JWT with a malicious tag claim to manipulate the query result and bypass JWT authentication, allowing impersonation of arbitrary identities.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

OpenSIPS SQL注入漏洞

OpenSIPS是OpenSIPS 个人开发者的一个 GPL 许可的 SIP 服务器实现。 OpenSIPS 3.6.4之前版本存在SQL注入漏洞，该漏洞源于auth_jwt模块的jwt_db_authorize函数存在SQL注入，可能导致绕过JWT身份验证。

N/A

N/A