CVE-2026-49848

MEDIUM 4.3

FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's check_auth userauth branch wrote request-supplied userVariables into the connection state before comparing the supplied password. The writes are append-only and the connection is not closed on a failed compare, so values declared on bad-password attempts persisted on the same WebSocket and carried into a subsequent successful login on that connection. This issue has been patched in version 1.11.1.

CWE	CWE-287
Vendor	signalwire
Product	freeswitch
Published	Jun 9, 2026
Last Updated	Jun 9, 2026

Stay Ahead of the Next One

Get instant alerts for signalwire freeswitch

Be the first to know when new medium vulnerabilities affecting signalwire freeswitch are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

signalwire / freeswitch

< 1.11.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/signalwire/freeswitch/security/advisories/GHSA-j38x-xm7f-9p2f github.com: https://github.com/signalwire/freeswitch/releases/tag/v1.11.1