CVE-2026-49475
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk19th percentile - higher than 19% of all known CVEs
Summary
In versions prior to 1.11.0, FreeSWITCH has a vulnerability related to the processing of STUN packets that can lead to unauthorized memory access. The issue arises when the declared attribute length in the packet is shorter than the structure, causing reads and writes beyond the attribute's boundaries.
Risk Assessment
Organizations using FreeSWITCH may be exposed to attacks that exploit this vulnerability to gain access to sensitive data or destabilize the system. Potential impacts include service outages and security breaches.
Recommendation
It is recommended to upgrade FreeSWITCH to version 1.11.0 or later to mitigate this vulnerability. Additionally, monitoring systems for unauthorized access attempts is advisable.
Original NVD description (English source)
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0.

