PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (siptransporttls) can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via verifyserver = PJTRUE or verifyclient = PJTRUE. This issue has been patched in version 2.17.
{
"cna_assigner": "GitHub_M",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42225.json",
"cwe_ids": [
"CWE-295"
]
}{
"cpe": "cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.17"
}
]
}