← back
CVE-2026-4390

TeamSpeak 3 Server Connection State Management process_resend_queue use after free

CVSS 5.3 MEDIUMEPSS 0.3%CWE-119CWE-416
A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue. The affected component should be upgraded.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Affected products
n/a · TeamSpeak 3 Server
public PoCs found1
githubgithub.com/born0monday/teamspeak3-vulnerabilities0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://files.teamspeak-services.com/docs/security/TS-SA-2026-001.htmlhttps://modzero.com/en/advisories/mz-26-01-teamspeak/https://vuldb.com/vuln/366314https://vuldb.com/vuln/366314/ctihttps://www.teamspeak.com/en/downloads/#server