diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index d6ff5aa..d6a4d37 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -378,6 +378,12 @@ route[CHECK_RETRANS]
 
 route[SANITY_CHECK]
 {
+ ## CVE-2018-14767
+ if($(hdr(To)[1]) != $null) {
+ xlog("second To header not null - dropping message");
+ drop;
+ }
+
 if (!sanity_check()) {
 xlog("L_WARN", "$ci|end|message from $si:$sp is insane\n");
 exit;
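Review bot: The added `xlog` in route[SANITY_CHECK] records neither the sender nor the Call-ID, passes no log level, and has no trailing newline, unlike the `sanity_check()` log a few lines below it. A message dropped by this guard is a likely probe for CVE-2018-14767, so the log line should let an operator trace it to a source: `xlog("L_WARN", "$ci|end|dropping message from $si:$sp with a second To header (CVE-2018-14767)\n");`. The bare `## CVE-2018-14767` comment would also be more useful if it said what the check does and when it can go, for example `## CVE-2018-14767 workaround: reject messages with more than one To header; keep until the running Kamailio build includes the upstream fix`. The guard presumably needs to run before any stateless reply is built from the request, which depends on where SANITY_CHECK is called and cannot be confirmed from this hunk. The route body continues past the end of the hunk.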