Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution. Affected packages Package net-misc/asterisk on all architectures Affected versions < 18.26.3 Unaffected versions >= 18.26.3 Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/asterisk-18.26.3" References CVE-2025-1131 CVE-2025-49832 CVE-2025-57767 GHSA-64qc-9x89-rx5j GHSA-mrq5-74j5-f5cr GHSA-v9q8-9j8m-5xwp Release date January 26, 2026 Latest revision January 26, 2026: 1 Severity high Exploitable remote Bugzilla entries 960930