CVE-2026-49841
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
In FreeSWITCH prior to version 1.11.1, there is a vulnerability in the mod_verto HTTP request handler that leads to a heap buffer overflow. Due to improper buffer size limitation, an attacker can exploit this flaw to overflow the buffer by up to ~8 MiB.
Risk Assessment
Exploitation of this vulnerability may lead to remote code execution or system instability, posing a serious security threat to the organization.
Recommendation
It is recommended to upgrade to version 1.11.1 or later to mitigate this security issue.
Original NVD description (English source)
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1.

