CVE-2026-2891
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
A vulnerability in Poly Voice IP devices (CCX, Trio, Edge E) may render them inoperable when connecting to a malicious SIP server and receiving malformed data. HP is releasing updates to mitigate this risk.
Risk Assessment
An attacker can remotely disable VoIP devices, causing voice communication outages and potential operational losses.
Recommendation
Immediately apply HP firmware updates for CCX, Trio, and Edge E models. Restrict trusted SIP connections to verified servers only.
Original NVD description (English source)
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities.

