Lucene search
K

7 matches found

NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-49848

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 4:5 p.m.33 views

CVE-2026-49848 FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS0.00172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:5 p.m.7 views

CVE-2026-49848 FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/09 4:4 p.m.8 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 4:2 p.m.31 views

CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS0.00449EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

FreeSWITCH 资源管理错误漏洞

FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was a resource...

7.5CVSS5.3AI score0.00449EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47848

Name of the Vulnerable Software and Affected Versions FreeSWITCH versions prior to 1.11.1 Description The mod verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts a Content-Length of up to nearly 10 MiB. Because the body-read loop...

9.8CVSS5.5AI score0.00394EPSS
Exploits0References5
Rows per page
Query Builder