Description
A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown processing of the component clientek Handshake Handler. Performing a manipulation of the argument proof results in reachable assertion. Remote exploitation of the attack is possible. Upgrading to version 3.13.8 is capable of addressing this issue. Upgrading the affected component is recommended.
Published: 2026-05-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

TeamSpeak 3 Server up to version 3.13.7 contains a flaw in the clientek Handshake Handler that allows manipulation of the argument proof to trigger a reachable assertion. This assertion violation can cause the server to crash, resulting in a denial of service. The vulnerability carries a CVSS Base score of 6.9 and is reported as remotely exploitable.

Affected Systems

Any installation of TeamSpeak 3 Server prior to update 3.13.8 is affected. The issue resides in the clientek Handshake component and applies to all pre‑3.13.8 releases. Users running version 3.13.7 or earlier should upgrade before vulnerability exploitation can occur.

Risk and Exploitability

The CVSS score indicates medium severity, and while EPSS data is not available the publicly available references suggest the flaw can be triggered over the network. The vulnerability is not listed in CISA KEV, but its nature allows a simple client request to activate the assertion, posing a DoS risk to administrators who keep the server exposed.

Generated by OpenCVE AI on May 27, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch by upgrading TeamSpeak 3 Server to version 3.13.8.
  • Restart the server after the update to ensure the new binaries are loaded.
  • Monitor server logs for any unexpected crashes or assertion errors to confirm the fix is effective.
  • If a patch cannot be applied immediately, restrict or isolate the server from external network access to reduce exposure.

Generated by OpenCVE AI on May 27, 2026 at 19:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown processing of the component clientek Handshake Handler. Performing a manipulation of the argument proof results in reachable assertion. Remote exploitation of the attack is possible. Upgrading to version 3.13.8 is capable of addressing this issue. Upgrading the affected component is recommended.
Title TeamSpeak 3 Server clientek Handshake assertion
First Time appeared Teamspeak 3 Server
Teamspeak 3 Server teamspeak 3 Server
Weaknesses CWE-617
CPEs cpe:2.3:a:teamspeak_3_server:teamspeak_3_server:*:*:*:*:*:*:*:*
Vendors & Products Teamspeak 3 Server
Teamspeak 3 Server teamspeak 3 Server
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Teamspeak 3 Server Teamspeak 3 Server
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-28T15:04:08.513Z

Reserved: 2026-03-18T15:06:05.814Z

Link: CVE-2026-4392

cve-icon Vulnrichment

Updated: 2026-05-28T15:04:00.456Z

cve-icon NVD

Status : Deferred

Published: 2026-05-27T18:16:28.763

Modified: 2026-06-17T10:56:30.827

Link: CVE-2026-4392

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T04:15:06Z

Weaknesses