CRITICAL🇵🇱 Wersja polska

CVE-2026-49841

CVSS 9.8v3.1pub. 2026-06-09upd. 2026-06-10

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1.

🤖 AI Analysis
How it works

The HTTP POST request handling procedure in the mod_verto module allocates a fixed buffer of 2 MiB size to store the content of requests of type application/x-www-form-urlencoded. At the same time, it accepts a Content-Length header value reaching up to nearly 10 MiB. The loop reading data from the request body is limited by the Content-Length value rather than the buffer size, allowing an attacker to perform a controlled heap buffer overflow (heap overflow) of up to approximately 8 MiB. Importantly, the overflow occurs before any HTTP Basic Auth authentication check is performed, so the exploit does not require any credentials.

Impact

A remote, unauthenticated attacker can achieve arbitrary code execution (RCE), disclosure of sensitive data, or service unavailability through a controlled heap buffer overflow.

Mitigation & patch

FreeSWITCH should be updated to version 1.11.1, where the vulnerability has been fixed. The patch is available in the official project repository: https://github.com/signalwire/freeswitch/releases/tag/v1.11.1. Until an update is applied, it is recommended to restrict network access to the HTTP interface of the mod_verto module using a firewall or disable this module if it is not required.

Who is affected

FreeSWITCH versions prior to 1.11.1 with the active mod_verto module and an accessible HTTP interface.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Freeswitch

    APP
    Freeswitch
    < 1.11.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-49840CRITICAL9.1PL ✓ten sam produkt

FreeSWITCH libesl: heap buffer overflow przez ujemny Content-Length w ESL

CVE-2019-19492CRITICAL9.8ten sam produkt

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

CVE-2026-49475HIGH7.5ten sam produkt

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...

CVE-2026-45771HIGH7.5ten sam produkt

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...

CVE-2026-49842HIGH7.5ten sam produkt

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...