CVE-2026-2891 PUBLISHED

Poly Voice Devices (CCX, Trio, Edge E) – Potential Denial of Service

Assigner: hp
Reserved: 20.02.2026 Published: 01.07.2026 Updated: 01.07.2026

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.2

Product Status

Vendor HP Inc
Product CCX
Versions Default: unaffected
  • affected from 0 to 9.50 (excl.)
Vendor HP Inc
Product Trio C60
Versions Default: unaffected
  • affected from 0 to 9.5.0 (excl.)
Vendor HP Inc
Product Edge E
Versions Default: unaffected
  • affected from 0 to 8.6.0 (excl.)

References

Problem Types

  • CWE-400 CWE