CVE Catalog

CVE-2026-49843

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

18th percentile - higher than 18% of all known CVEs

Summary

In versions prior to 1.11.1, the mod_verto module in FreeSWITCH had a JSON-RPC handling issue that allowed binding a connection to a client-supplied session ID before authentication. This could lead to an unauthorized attacker evicting a legitimate client by knowing the session UUID.

Risk Assessment

The organization may be exposed to attacks that allow unauthorized users to evict authorized clients, potentially leading to communication disruptions and data loss.

Recommendation

It is recommended to upgrade to version 1.11.1 or later to mitigate this vulnerability and secure the system against potential attacks.

Original NVD description (English source)

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's JSON-RPC handler bound the connection to the client-supplied sessid on the first frame, before the authentication gate. Binding inserts the connection into the global session hash and, on a key collision, drops the prior occupant of that slot — sending it a verto.punt, detaching its calls, and closing its socket. An unauthenticated network attacker who knows a target session UUID could therefore evict the legitimate client. This issue has been patched in version 1.11.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS