CVE-2026-0792: CWE-121: Stack-based Buffer Overflow in ALGO 8180 IP Audio Alerter
CVE-2026-0792 is a high-severity stack-based buffer overflow vulnerability in the ALGO 8180 IP Audio Alerter device. It arises from improper validation of the Alert-Info header in SIP INVITE requests, allowing remote attackers to execute arbitrary code without authentication or user interaction. The vulnerability affects version 5.5 of the product and can compromise confidentiality, integrity, and availability of the device. Although no known exploits are currently in the wild, successful exploitation could lead to full device takeover. European organizations using these devices in critical communication infrastructures are at risk. Mitigation requires immediate patching once available, network segmentation, and filtering of SIP traffic to prevent malicious INVITE requests. Countries with significant deployments of ALGO IP Audio Alerters and critical public safety or enterprise communication systems are most likely affected. The vulnerability’s CVSS score of 8.1 reflects its high impact and remote exploitability without authentication.
AI Analysis
Technical Summary
CVE-2026-0792 is a stack-based buffer overflow vulnerability identified in the ALGO 8180 IP Audio Alerter, specifically in version 5.5. The flaw exists in the handling of the Alert-Info header within SIP INVITE requests, where the device fails to properly validate the length of user-supplied data before copying it into a fixed-length stack buffer. This lack of bounds checking enables a remote attacker to overflow the buffer and execute arbitrary code on the device with the same privileges as the running process. Exploitation requires no authentication or user interaction, making it highly accessible to attackers who can send crafted SIP INVITE messages to the device. The vulnerability is categorized under CWE-121 (Stack-based Buffer Overflow) and has been assigned a CVSS v3.0 base score of 8.1, indicating high severity with network attack vector, high impact on confidentiality, integrity, and availability, and no privileges or user interaction required. The device is typically used in IP-based audio alerting systems, often deployed in enterprise or public safety environments to broadcast alerts. While no known exploits have been observed in the wild yet, the potential for remote code execution poses a significant risk. The vulnerability was publicly disclosed in January 2026 and tracked under ZDI-CAN-28301. No official patches were listed at the time of disclosure, emphasizing the need for immediate defensive measures.
Potential Impact
The vulnerability allows remote attackers to execute arbitrary code on ALGO 8180 IP Audio Alerter devices without authentication, potentially leading to full compromise of the device. This can result in unauthorized control over audio alerting systems, disruption of critical communication channels, and exposure of sensitive information. For European organizations, especially those in public safety, emergency services, or large enterprises relying on these devices for alerting, the impact includes loss of availability of alert systems, manipulation of alert messages, and potential lateral movement within internal networks. The high CVSS score reflects the broad impact on confidentiality, integrity, and availability. If exploited, attackers could disrupt emergency notifications or use compromised devices as footholds for further attacks. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as proof-of-concept exploits may emerge rapidly after disclosure.
Mitigation Recommendations
1. Monitor ALGO’s official channels for patches addressing CVE-2026-0792 and apply them immediately upon release.
2. In the absence of patches, implement network-level controls to restrict SIP INVITE traffic to trusted sources only, using firewalls or SIP-aware intrusion prevention systems.
3. Employ deep packet inspection to detect and block malformed or suspicious Alert-Info headers in SIP traffic.
4. Segment the network to isolate ALGO 8180 devices from general enterprise networks, limiting exposure to potential attackers.
5. Regularly audit and monitor device logs for unusual SIP traffic patterns or signs of exploitation attempts.
6. Consider deploying virtual patching via network security appliances to mitigate the vulnerability until official fixes are available.
7. Educate network and security teams about this vulnerability to ensure rapid response to any indicators of compromise.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Norway, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: zdi
- Date Reserved: 2026-01-08T22:55:50.331Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 6972e91b4623b1157cde3353
Added to database: 1/23/2026, 3:20:59 AM
Last enriched: 1/30/2026, 10:14:24 AM
Last updated: 2/7/2026, 1:21:09 PM