CVE-2026-0792 identifies a stack-based buffer overflow vulnerability (CWE-121) in the ALGO 8180 IP Audio Alerter, a device used for IP-based audio alerting. The vulnerability is triggered by the device's SIP INVITE request handling, specifically the Alert-Info header, which lacks proper length validation before copying data into a fixed-length stack buffer. This improper validation allows an attacker to overflow the buffer, potentially overwriting the stack and enabling arbitrary code execution on the device. The exploit requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS v3.0 score of 8.1 reflects the high impact on confidentiality, integrity, and availability, though the attack complexity is high, indicating some difficulty in exploitation. The vulnerability was reserved and published in January 2026, with no known public exploits yet. The affected product version is 5.5 of the ALGO 8180 IP Audio Alerter. The device’s role in IP audio alerting means successful exploitation could disrupt alerting systems, compromise device integrity, or allow attackers to pivot within a network. The vulnerability was reported by the Zero Day Initiative (ZDI) under CAN-28301. No patches are currently linked, emphasizing the need for proactive mitigation.

For European organizations, this vulnerability poses a significant threat to operational continuity and security, especially in environments relying on ALGO 8180 IP Audio Alerter devices for critical alerting functions such as emergency notifications, public address, or security alarms. Successful exploitation could lead to remote code execution, allowing attackers to disrupt alerting services, manipulate audio outputs, or use compromised devices as footholds for further network intrusion. Confidentiality of communications may be compromised if attackers intercept or alter alert messages. Integrity and availability of alerting systems are at high risk, potentially impacting safety and response times in critical infrastructure sectors like transportation, healthcare, and public safety. The unauthenticated nature of the exploit increases the attack surface, allowing external threat actors to target devices exposed to SIP traffic. Given the high CVSS score and potential for widespread disruption, European organizations must treat this vulnerability as a priority security concern.

1. Implement network-level controls to restrict SIP traffic to trusted sources only, using firewalls and SIP-aware intrusion prevention systems to block malformed or unexpected SIP INVITE requests containing suspicious Alert-Info headers. 2. Employ deep packet inspection to detect and filter anomalous SIP messages that exceed normal header length parameters. 3. Isolate ALGO 8180 devices on segmented VLANs with strict access controls to limit exposure to untrusted networks. 4. Monitor network traffic and device logs for unusual SIP activity or crashes indicative of exploitation attempts. 5. Coordinate with ALGO for timely firmware updates or patches addressing this vulnerability; if unavailable, consider temporary device replacement or disabling SIP alerting features where feasible. 6. Conduct regular security assessments and penetration testing focusing on VoIP and IP audio alerting infrastructure. 7. Educate network and security teams about this specific vulnerability to ensure rapid detection and response. 8. Apply strict input validation and rate limiting at the network edge to reduce the risk of buffer overflow attempts.