CVE-2026-4390 PUBLISHED

TeamSpeak 3 Server Connection State Management process_resend_queue use after free

Assigner: VulDB
Reserved: 18.03.2026 Published: 27.05.2026 Updated: 27.05.2026

A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
CVSS Score: 5.3

Product Status

Vendor n/a
Product TeamSpeak 3 Server
Versions
  • Version 3.13.0 is affected
  • Version 3.13.1 is affected
  • Version 3.13.2 is affected
  • Version 3.13.3 is affected
  • Version 3.13.4 is affected
  • Version 3.13.5 is affected
  • Version 3.13.6 is affected
  • Version 3.13.7 is affected
  • Version 3.13.8 is unaffected

Credits

  • Michael Imfeld (modzero) finder

References

Problem Types

  • Use After Free CWE
  • Memory Corruption CWE