Poly VoIP Phone Vulnerability Revealed with Public Exploit Code Disclosed

**CVE-2026-0826:** A critical stack-based buffer overflow in Poly (HP) VoIP phones enables unauthenticated remote code execution and full administrative/root takeover; public exploit code and a Metasploit module have been released, and the vendor has published firmware updates (e.g., VVX -> UCS 6.4.8) and mitigation guidance — patch or disable the vulnerable feature immediately.