CVE-2026-49841

CRITICAL 9.8

FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1.

CWE	CWE-122 CWE-131
Vendor	signalwire
Product	freeswitch
Published	Jun 9, 2026
Last Updated	Jun 9, 2026

Stay Ahead of the Next One

Get instant alerts for signalwire freeswitch

Be the first to know when new critical vulnerabilities affecting signalwire freeswitch are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

signalwire / freeswitch

< 1.11.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/signalwire/freeswitch/security/advisories/GHSA-wfrq-qvg2-f88f github.com: https://github.com/signalwire/freeswitch/releases/tag/v1.11.1