Kamailio CVEs

A few old vulnerabilities have been discovered in Kamailio (formerly OpenSER and SER) code, and two CVEs released:

– CVE-2026-39863: Core – TCP Data Processing Vulnerability (high)

– CVE-2026-39864: Auth – Processing Vulnerability For Additional Authenticated User Identity Checks (moderate)

We wanted to let you know that given our support for the open source project, we were made aware of these as soon as they were discovered and all Simwood instances of Kamailio were patched immediately. Simwood has not been vulnerable to these since well before the CVEs were announced.

We strongly recommend customers check your own installations and verify other carriers are not vulnerable.