CVE-2026-5923 PUBLISHED

Poly Voice – Potential Unauthorized Modification of WebUI using CSRF Attack

Assigner: hp
Reserved: 08.04.2026 Published: 08.07.2026 Updated: 09.07.2026

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 6

Product Status

Vendor HP Inc.
Product Poly CCX
Versions Default: unknown
  • affected from 0 to 9.50 (excl.)
Vendor HP Inc.
Product Poly Edge E
Versions Default: unknown
  • affected from 0 to 8.6.0 (excl.)
Vendor HP Inc.
Product Poly Trio C60
Versions Default: unknown
  • affected from 0 to 9.5.0 (excl.)

References

Problem Types

  • CWE-352 Cross-Site request forgery (CSRF) CWE