🕳️ Vulnerabilities & CVEs

Metasploit's March 2026 Punch: FreePBX and AVideo Ripe for Ransack

Metasploit just armed hackers with easy command injection hits on FreePBX and AVideo Encoder. Think your PBX is secure? Think again.

CVE Watch Apr 11, 2026 3 min read
Metasploit console showing new FreePBX and AVideo exploits

⚡ Key Takeaways

  • New Metasploit exploits target FreePBX (CVE-2025-64328) and AVideo Encoder (CVE-2026-29058) command injections. 𝕏
  • LDAP query enhancement skips SACL by default, aiding non-priv access. 𝕏
  • Seven bug fixes stabilize Framework, from crashes to interface binding. 𝕏
Published by

CVE Watch

Threat intelligence. Zero noise.

#AVideo Encoder #AVideo Encoder CVE #AVideo Encoder RCE #CVE-2026-29058 #FreePBX #FreePBX exploit #Metasploit #Metasploit update

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Rapid7 Blog

Related Stories

📬

Stay in the loop

The week's most important stories from CVE Watch, delivered once a week.

No spam. Unsubscribe any time.