TeamSpeak 3 Server & SDK Multiple Denial of Service Vulnerabilities Advisory (CVE-2026-4390/4391/4392)

Vulnerability Overview TeamSpeak has released a security update addressing multiple vulnerabilities affecting TeamSpeak 3 Server and TeamSpeak SDK server-side integrations. These vulnerabilities could allow remote attackers to cause denial-of-service conditions, such as service instability or server restarts, by sending crafted network requests. Affected Versions TeamSpeak 3 Server - Affected versions: 3.13.7 and below - Fixed versions: 3.13.8 - CVE IDs: CVE-2026-4390, CVE-2026-4391, CVE-2026-4392 TeamSpeak SDK (Server-Side Integrations) - Affected versions: 3.3.1 and below - Fixed versions: 3.5.0 - CVE IDs: CVE-2026-4390, CVE-2026-4392 Remediation TeamSpeak recommends updating affected deployments to the latest version immediately: Update TeamSpeak 3 Server to version 3.13.8 Update TeamSpeak SDK to version 3.5.0 Vulnerability Details CVE-2026-4390 Title: Denial of Service caused by inconsistent connection state management Severity: High (CVSS 7.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Impact: A vulnerability in connection state handling could allow a remote attacker to trigger a denial-of-service condition, potentially resulting in service instability or server restarts. CVE-2026-4391 Title: Denial of Service caused by heap buffer overflow in ECC key parsing Severity: High (CVSS 7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Impact: A vulnerability in ECC key parsing could allow a remote attacker to trigger a denial-of-service condition via crafted network input. CVE-2026-4392 Title: Denial of Service caused by assertion failure triggered by crafted input Severity: High (CVSS 7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Impact: A vulnerability in input validation could allow a remote attacker to trigger a denial-of-service condition, resulting in service instability or server restarts. Exploitation Status Currently, TeamSpeak has not observed any active exploitation in customer environments. Acknowledgments TeamSpeak thanks Michael Imfeld and the modzero team for identifying these issues and responsibly disclosing them through the coordinated disclosure process. References TeamSpeak Downloads Contact For assistance, please contact the TeamSpeak Support team at: support@teamspeak.com

Goal Reached Thanks to every supporter — we hit 100%!

TeamSpeak 3 Server & SDK Multiple Denial of Service Vulnerabilities Advisory (CVE-2026-4390/4391/4392)