CVE-2026-49475 | FreeSWITCH is a Software Defined Telecom Stack enabling the … | CVSS 7.5 HIGH

Description

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0.

Metadata

CVE ID: CVE-2026-49475
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-30 04:17 UTC
Published: 2026-06-09 16:00 UTC
Last updated: 2026-06-09 20:19 UTC
Primary CWE: CWE-20
CWE-20: Improper Input Validation
Vendor / Product: signalwire / freeswitch
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
signalwire	freeswitch	—	< 1.11.0

Weakness (CWE)

CWE	Source	Description
CWE-125	cna	CWE-125: Out-of-bounds Read
CWE-20	cna	CWE-20: Improper Input Validation
CWE-787	cna	CWE-787: Out-of-bounds Write

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.5	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (2)

https://github.com/signalwire/freeswitch/security/advisories/GHSA-9j6h-hc95-q926 https://github.com/signalwire/freeswitch/security/advisories/GHSA-9j6h-hc95-q926
https://github.com/signalwire/freeswitch/releases/tag/v1.11.0 https://github.com/signalwire/freeswitch/releases/tag/v1.11.0