Pexip Pexip

  1. Vendors
  2. Pexip

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Pexip product.

RSS Feeds for Pexip security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Pexip products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Pexip Sorted by Most Security Vulnerabilities since 2018

Pexip Infinity38 vulnerabilities

Pexip Infinity15 vulnerabilities

Pexip Infinity Connect2 vulnerabilities

Pexip Reverse Proxy And Turn Server1 vulnerability

Pexip Virtual Meeting Rooms1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Pexip. Last year, in 2025 Pexip had 11 security vulnerabilities published. Right now, Pexip is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 11 7.22
2024 1 0.00
2023 4 6.60
2022 25 7.59
2021 2 7.50
2020 4 6.40

It may take a day or so for new Pexip vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Pexip Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-66443 Dec 25, 2025
Pexip Infinity 35.038.1 Improper Input Validation (Pre-39.0) SIG Abort DoS Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.
Infinity
Pexip Infinity
CVE-2025-66379 Dec 25, 2025
Pexip Infinity <39.0 Improper Input Validation in Media Impl. Causing Remote DoS Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
Infinity
CVE-2025-49088 Dec 25, 2025
Pexip Infinity OTJ Service DoS via Crafted Invite (32.0-37.1) Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
Infinity
Pexip Infinity
CVE-2025-32096 Dec 25, 2025
Pexip Infinity 33.0-37.0 Improper Input Val via Signaling DoS Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
Infinity
Pexip Infinity
CVE-2025-32095 Dec 25, 2025
Pexip Infinity <37.0: Signaling Input Validation DoS Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
Infinity
Pexip Infinity
CVE-2025-66378 Dec 25, 2025
Pexip Infinity RTMP Access Control Bypass v38.x (fixed v39.0) Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
Infinity
Pexip Infinity
CVE-2025-66377 Dec 25, 2025
Pexip Infinity 39.0 Missing Auth on Internal API Enables Node Downtime Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.
Infinity
Pexip Infinity
CVE-2025-59683 Dec 25, 2025
Pexip Infinity 15.038.0 Secure Scheduler IAC Unauthenticated Read & DoS Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
Infinity
Pexip Infinity
CVE-2025-48704 Dec 25, 2025
Pexip Infinity 35.0-37.2 Improper Input Val'd in Signalling DoS Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
Infinity
Pexip Infinity
CVE-2025-30080 Apr 02, 2025
Pexip Infinity 29-36.2: Improper Input Validation Allowing Temporary DoS Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).
Pexip Infinity
CVE-2024-37917 Apr 02, 2025
Pexip Infinity <=35.0: Remote DoS via Crafted Signalling Message Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
Pexip Infinity
CVE-2024-33850 Jun 10, 2024
Pexip Infinity before 34.1 Improper Access Control in Waiting Room Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting.
Pexip Infinity
CVE-2023-31289 Dec 25, 2023
Pexip Infinity <31.2 Improper Input Validation (Abort) Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
Pexip Infinity
CVE-2023-31455 Dec 25, 2023
Pexip Infinity <31.2 RTCP Input Validation (Abort Exploit) Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
Pexip Infinity
Infinity
CVE-2023-37225 Dec 25, 2023
Preconfigured Link XSS in Pexip Infinity Webapp1 v<32 Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.
Pexip Infinity
CVE-2023-40236 Dec 25, 2023
Pexip VMR SSH Host Key Reuse Authentication Bypass In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.
Virtual Meeting Rooms
CVE-2022-29286 Jul 17, 2022
Pexip Infinity 27 before 28.0 Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
Pexip Infinity
CVE-2022-32263 Jul 17, 2022
Pexip Infinity before 28.1 Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
Pexip Infinity
CVE-2022-27934 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.
Pexip Infinity
CVE-2022-27929 Jul 17, 2022
Pexip Infinity 27.x before 27.3 Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
Pexip Infinity
CVE-2022-27930 Jul 17, 2022
Pexip Infinity 27.x before 27.3 Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
Pexip Infinity
CVE-2022-27931 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
Pexip Infinity
CVE-2022-27932 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity
CVE-2022-27933 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity
CVE-2022-27935 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.
Pexip Infinity
CVE-2022-27936 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
Pexip Infinity
CVE-2022-27937 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
Pexip Infinity
CVE-2022-25357 Jul 17, 2022
Pexip Infinity 27.x before 27.2 has Improper Access Control Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
Pexip Infinity
CVE-2022-26654 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
Pexip Infinity
CVE-2022-26655 Jul 17, 2022
Pexip Infinity 27.x before 27.3 has Improper Input Validation Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
Pexip Infinity
CVE-2022-26656 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.
Pexip Infinity
CVE-2022-26657 Jul 17, 2022
Pexip Infinity before 27.3 Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity
CVE-2022-27928 Jul 17, 2022
Pexip Infinity 27.x before 27.3 Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
Pexip Infinity
CVE-2021-29656 Feb 18, 2022
Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked.
Infinity Connect
CVE-2022-23228 Feb 18, 2022
Pexip Infinity before 27.0 has improper WebRTC input validation Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.
Pexip Infinity
CVE-2021-29655 Feb 18, 2022
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute.
Infinity Connect
CVE-2021-33498 Jan 15, 2022
Pexip Infinity before 26 Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).
Infinity
CVE-2021-33499 Jan 15, 2022
Pexip Infinity before 26 Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).
Infinity
CVE-2021-35969 Jan 15, 2022
Pexip Infinity before 26 Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
Infinity
CVE-2021-42555 Jan 15, 2022
Pexip Infinity before 26.2 Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
Infinity
CVE-2021-32545 Jan 15, 2022
Pexip Infinity before 26 Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.
Infinity
CVE-2021-31925 Jul 07, 2021
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.
Pexip Infinity
CVE-2020-25868 Jul 07, 2021
Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).
Pexip Infinity
CVE-2020-11805 Sep 25, 2020
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.
Pexip Infinity
Reverse Proxy And Turn Server
CVE-2020-24615 Sep 25, 2020
Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.
Pexip Infinity
CVE-2020-13387 Sep 25, 2020
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
Pexip Infinity
CVE-2020-12824 Sep 25, 2020
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
Pexip Infinity
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.