diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index 23bbd0a..bf51561 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -382,6 +382,12 @@ route[CHECK_RETRANS]
 
 route[SANITY_CHECK]
 {
+    ## CVE-2018-14767
+    if($(hdr(To)[1]) != $null) {
+        xlog("second To header not null - dropping message");
+        drop;
+    }
+    
     if (!sanity_check()) {
         xlog("L_WARN", "$ci|end|message from $si:$sp is insane\n");
         exit;