CVE Catalog

CVE-2026-49841

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile — higher than 13% of all known CVEs

Summary

In FreeSWITCH prior to version 1.11.1, there is a vulnerability in the mod_verto HTTP request handler that leads to a heap buffer overflow. Due to improper buffer size limitation, an attacker can exploit this flaw to overflow the buffer by up to ~8 MiB.

Risk Assessment

Exploitation of this vulnerability may lead to remote code execution or system instability, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to version 1.11.1 or later to mitigate this security issue.

Original NVD description (English source)

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS