CVE-2026-49472

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

CVE-2026-49847

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

CVE-2026-49841

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...

CVE-2026-49842

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

CVE-2026-49848

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

CVE-2026-49841

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...

CVE-2026-49475

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...

CVE-2026-49840

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

CVE-2026-45771

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

CVE-2026-49848

FreeSWITCH CVE-2026-49848: In mod_verto, the pre-authentication check_auth path writes request-supplied userVariables into the connection state before password comparison. Writes are append-only and the connection isn’t closed on a failed compare, so values from bad-password attempts persist on t...

CVE-2026-49847

CVE-2026-49847 affects FreeSWITCH prior to version 1.11.1, where a single unauthenticated WebSocket frame containing a deeply nested JSON document can trigger a stack overflow in the bundled cJSON parser. The recursion drives the worker thread’s stack into the guard page, causing a kernel SIGSEGV...

CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

CVE-2026-49841 FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...

CVE-2026-49840 FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

CVE-2026-49840 FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

CVE-2026-49475 FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...

CVE-2026-49472 FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

CVE-2026-45771

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

PT-2026-47850

Name of the Vulnerable Software and Affected Versions FreeSWITCH versions prior to 1.11.1 Description In the mod verto module, the JSON-RPC handler binds the connection to the client-supplied sessid during the first frame before the authentication gate. This binding process inserts the connection...

PT-2026-47848

Name of the Vulnerable Software and Affected Versions FreeSWITCH versions prior to 1.11.1 Description The mod verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts a Content-Length of up to nearly 10 MiB. Because the body-read loop...