CVE-2026-4390
TeamSpeak 3 Server Connection State Management process_resend_queue use after free
Vexday Risk Score
33Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.3EPSS 0.3%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
09 May 2026Public PoC
27 May 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Affected products
n/a · TeamSpeak 3 Serverpublic PoCs found — 1
githubgithub.com/born0monday/teamspeak3-vulnerabilities★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.