Browse all 4 CVE security advisories affecting Prosody. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Prosody is an open-source XMPP communication server used for instant messaging and VoIP services. Historically, it has been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation failures and improper access controls. While no major public incidents have been widely reported, the 4 CVEs on record highlight persistent security concerns in its handling of XML parsing and authentication mechanisms. The project maintains regular security updates, but its lightweight architecture and focus on extensibility may introduce additional attack surfaces requiring careful configuration and monitoring.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-43507 | Prosody security vulnerability — Prosody CWE-770 | 5.3 | Medium | 2026-05-01 |
| CVE-2026-43506 | Prosody security vulnerability — Prosody CWE-401 | 5.3 | Medium | 2026-05-01 |
| CVE-2026-43505 | Prosody security vulnerability — Prosody CWE-420 | 6.5 | Medium | 2026-05-01 |
| CVE-2026-43504 | Prosody security vulnerability — Prosody CWE-863 | 6.5 | Medium | 2026-05-01 |
This page lists every published CVE security advisory associated with Prosody. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.