Description
SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.
Published: 2026-06-02
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The SIP signaling stack in Verizon IMS omits IPsec integrity protection: the Security-Client/Security-Server headers and ESP traffic are missing. This corresponds to CWE-311 Missing Cryptographic Integrity and allows an on-path attacker to passively eavesdrop on and actively manipulate unsecured SIP messages over the radio and core network, compromising the confidentiality, integrity and authenticity of VoLTE signaling.

Affected Systems

Verizon IMS (VoLTE), version unspecified, is affected. No other vendors or product versions are listed.

Risk and Exploitability

The vulnerability has a CVSS score of 7.4 and an EPSS score of < 1%, and it is not listed in the CISA KEV catalog. Nevertheless, the absence of integrity protection on a core telecommunication protocol means that an attacker who can position themselves on the network path can easily modify or forge call setup and teardown messages, potentially leading to service disruption, spoofed calls or fraud. The likely attack vector is passive eavesdropping and active manipulation over radio or core links, requiring no special privileges beyond network access.

Generated by OpenCVE AI on June 3, 2026 at 20:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy IPsec or TLS/DTLS to provide integrity and confidentiality for SIP traffic.
  • Configure Security-Client and Security-Server headers in all SIP messages.
  • Enforce application-layer encryption for VoLTE signaling across all segments of the network.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-287

Wed, 03 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-277

Wed, 03 Jun 2026 16:30:00 +0000

Type: Metrics

Values Removed:

cvssV3_1 {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Values Added:

cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Verizon
Verizon volte
Vendors & Products Verizon
Verizon volte

Tue, 02 Jun 2026 19:30:00 +0000

Type: Metrics

Values Added:

cvssV3_1 {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 02 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-277

Tue, 02 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
References

Tue, 02 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.
Title CVE-2026-10629
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-03T15:19:11.551Z

Reserved: 2026-06-02T14:31:31.922Z

Link: CVE-2026-10629

Vulnrichment

Updated: 2026-06-02T15:23:02.208Z

NVD

Status: Deferred

Published: 2026-06-02T16:16:34.813

Modified: 2026-06-03T16:16:26.257

Link: CVE-2026-10629

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T21:00:06Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-287

    Improper Authentication