Skip to main content

Freeswitch

22 CVEs product

Monthly

CVE-2026-49848 MEDIUM PATCH This Month

mod_verto session state pollution in FreeSWITCH allows an authenticated WebSocket user to inject arbitrary userVariables into connection state before password verification completes, with those values persisting into any subsequent successful login on the same connection. All versions prior to 1.11.1 are affected via the check_auth userauth branch, which performs append-only state writes before the password comparison gate, and crucially does not close the connection on a failed compare. No public exploit has been identified and the vulnerability is not in CISA KEV, but the vendor explicitly labeled this release a critical security fix and strongly urged immediate upgrade.

Authentication Bypass Freeswitch
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-49847 HIGH PATCH This Week

Denial of service in FreeSWITCH prior to version 1.11.1 allows remote unauthenticated attackers to crash the entire telephony process by sending a single WebSocket frame carrying a deeply nested JSON document. The recursive parsing exhausts the worker thread's stack and triggers SIGSEGV via the kernel stack guard page, terminating all active calls and sessions on the host. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the trivial network-reachable trigger and availability-only impact make it a credible service-disruption risk for exposed VoIP infrastructure.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-49843 MEDIUM PATCH This Month

Session eviction via unauthenticated sessid collision in FreeSWITCH mod_verto (all versions prior to 1.11.1) allows a remote unauthenticated attacker who knows a target client's session UUID to forcibly disconnect that client - terminating active calls and closing their WebSocket connection - by racing a crafted JSON-RPC first-frame before the authentication gate. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms full network reachability with no credentials required; the sole prerequisite is knowledge of the victim's session UUID. No public exploit has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog.

Authentication Bypass Freeswitch
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-49842 HIGH PATCH This Week

Unauthenticated outbound bandwidth amplification in FreeSWITCH versions prior to 1.11.1 allows remote attackers to coerce the server into emitting roughly 20 GB of traffic per short request via the mod_verto WebSocket #SPU speed-test command. The pre-auth code path parses the requested payload size with atoi() and only rejects non-positive values, letting a peer ask for up to INT_MAX bytes and triggering a size*10 download. No public exploit is identified at time of analysis, but the high-severity CVSS (7.5, A:H) and trivial trigger make this a credible DDoS-as-a-service primitive.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-49841 CRITICAL PATCH Act Now

Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt up to ~8 MiB of heap memory by sending a crafted HTTP POST request with an oversized Content-Length header. The flaw is triggered before HTTP basic-auth validation runs, enabling pre-authentication exploitation against any exposed mod_verto HTTP endpoint, with CVSS 9.8 reflecting potential for remote code execution; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-49840 CRITICAL PATCH Act Now

Heap corruption in FreeSWITCH libesl prior to version 1.11.1 allows a malicious or man-in-the-middle Event Socket Library (ESL) peer to crash or corrupt the memory of any process linked against libesl by sending a frame containing a negative Content-Length header. The flaw is pre-authentication and reachable before the client completes authentication to the peer, and no public exploit identified at time of analysis despite a CVSS of 9.1.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-49475 HIGH PATCH This Week

Out-of-bounds memory access in FreeSWITCH versions prior to 1.11.0 allows remote unauthenticated attackers to crash the telephony stack by sending a malformed STUN packet whose declared attribute length is smaller than the structure the parser casts it to. No public exploit has been identified at time of analysis, but the network-reachable nature of STUN on media-handling deployments makes this a denial-of-service risk for any exposed FreeSWITCH instance handling WebRTC or NAT-traversal traffic.

Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-49472 MEDIUM PATCH This Month

Denial-of-service exposure in FreeSWITCH versions prior to 1.11.0 stems from a vendored, unpatched copy of libexpat XML tokenization code embedded in the bundled xmlrpc-c library. The function PREFIX(prologTok)() in libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c was cloned from an outdated upstream libexpat release and never received the corresponding security fix, leaving FreeSWITCH's XML parsing surface vulnerable. An authenticated low-privilege attacker over the network can exploit this to achieve high availability impact against the telecom stack; no public exploit or CISA KEV listing has been identified at time of analysis.

Information Disclosure Freeswitch
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45771 HIGH PATCH This Week

Denial of service in FreeSWITCH versions prior to 1.11.0 allows unauthenticated remote attackers to exhaust CPU and memory by sending a single SIP PUBLISH request whose PIDF body contains a malicious DTD with nested entity declarations. The bundled XML parser expands these entities before any digest authentication check, making this a pre-auth resource exhaustion vector (CWE-776, classic 'billion laughs'). No public exploit identified at time of analysis, but the CVSS 7.5 availability-only impact reflects a high-confidence DoS condition against any exposed FreeSWITCH instance.

Information Disclosure Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-51443 MEDIUM POC PATCH This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
5.9
EPSS
1.5%
CVE-2023-40019 MEDIUM POC This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-40018 HIGH This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-41158 HIGH POC PATCH This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-41157 MEDIUM POC PATCH This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freeswitch
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-41145 HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41105 HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-37624 HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-36513 HIGH POC This Week

An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-19492 CRITICAL POC THREAT Emergency

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freeswitch
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
29.0%
CVE-2018-19911 HIGH POC This Week

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Command Injection Freeswitch
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2015-7392 HIGH POC This Week

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Freeswitch
NVD
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-2238 MEDIUM POC PATCH This Month

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE Freeswitch
NVD
CVSS 2.0
6.8
EPSS
2.4%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

mod_verto session state pollution in FreeSWITCH allows an authenticated WebSocket user to inject arbitrary userVariables into connection state before password verification completes, with those values persisting into any subsequent successful login on the same connection. All versions prior to 1.11.1 are affected via the check_auth userauth branch, which performs append-only state writes before the password comparison gate, and crucially does not close the connection on a failed compare. No public exploit has been identified and the vulnerability is not in CISA KEV, but the vendor explicitly labeled this release a critical security fix and strongly urged immediate upgrade.

Authentication Bypass Freeswitch
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in FreeSWITCH prior to version 1.11.1 allows remote unauthenticated attackers to crash the entire telephony process by sending a single WebSocket frame carrying a deeply nested JSON document. The recursive parsing exhausts the worker thread's stack and triggers SIGSEGV via the kernel stack guard page, terminating all active calls and sessions on the host. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the trivial network-reachable trigger and availability-only impact make it a credible service-disruption risk for exposed VoIP infrastructure.

Denial Of Service Freeswitch
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Session eviction via unauthenticated sessid collision in FreeSWITCH mod_verto (all versions prior to 1.11.1) allows a remote unauthenticated attacker who knows a target client's session UUID to forcibly disconnect that client - terminating active calls and closing their WebSocket connection - by racing a crafted JSON-RPC first-frame before the authentication gate. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms full network reachability with no credentials required; the sole prerequisite is knowledge of the victim's session UUID. No public exploit has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog.

Authentication Bypass Freeswitch
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated outbound bandwidth amplification in FreeSWITCH versions prior to 1.11.1 allows remote attackers to coerce the server into emitting roughly 20 GB of traffic per short request via the mod_verto WebSocket #SPU speed-test command. The pre-auth code path parses the requested payload size with atoi() and only rejects non-positive values, letting a peer ask for up to INT_MAX bytes and triggering a size*10 download. No public exploit is identified at time of analysis, but the high-severity CVSS (7.5, A:H) and trivial trigger make this a credible DDoS-as-a-service primitive.

Denial Of Service Freeswitch
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt up to ~8 MiB of heap memory by sending a crafted HTTP POST request with an oversized Content-Length header. The flaw is triggered before HTTP basic-auth validation runs, enabling pre-authentication exploitation against any exposed mod_verto HTTP endpoint, with CVSS 9.8 reflecting potential for remote code execution; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Freeswitch
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Heap corruption in FreeSWITCH libesl prior to version 1.11.1 allows a malicious or man-in-the-middle Event Socket Library (ESL) peer to crash or corrupt the memory of any process linked against libesl by sending a frame containing a negative Content-Length header. The flaw is pre-authentication and reachable before the client completes authentication to the peer, and no public exploit identified at time of analysis despite a CVSS of 9.1.

Denial Of Service Freeswitch
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds memory access in FreeSWITCH versions prior to 1.11.0 allows remote unauthenticated attackers to crash the telephony stack by sending a malformed STUN packet whose declared attribute length is smaller than the structure the parser casts it to. No public exploit has been identified at time of analysis, but the network-reachable nature of STUN on media-handling deployments makes this a denial-of-service risk for any exposed FreeSWITCH instance handling WebRTC or NAT-traversal traffic.

Buffer Overflow Freeswitch
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial-of-service exposure in FreeSWITCH versions prior to 1.11.0 stems from a vendored, unpatched copy of libexpat XML tokenization code embedded in the bundled xmlrpc-c library. The function PREFIX(prologTok)() in libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c was cloned from an outdated upstream libexpat release and never received the corresponding security fix, leaving FreeSWITCH's XML parsing surface vulnerable. An authenticated low-privilege attacker over the network can exploit this to achieve high availability impact against the telecom stack; no public exploit or CISA KEV listing has been identified at time of analysis.

Information Disclosure Freeswitch
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in FreeSWITCH versions prior to 1.11.0 allows unauthenticated remote attackers to exhaust CPU and memory by sending a single SIP PUBLISH request whose PIDF body contains a malicious DTD with nested entity declarations. The bundled XML parser expands these entities before any digest authentication check, making this a pre-auth resource exhaustion vector (CWE-776, classic 'billion laughs'). No public exploit identified at time of analysis, but the CVSS 7.5 availability-only impact reflects a high-confidence DoS condition against any exposed FreeSWITCH instance.

Information Disclosure Freeswitch
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Freeswitch
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeswitch
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Freeswitch
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freeswitch
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freeswitch
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeswitch
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Freeswitch
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freeswitch
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freeswitch
NVD GitHub
EPSS 29% CVSS 9.8
CRITICAL POC THREAT Emergency

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freeswitch
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH POC This Week

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Command Injection Freeswitch
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Freeswitch
NVD
EPSS 2% CVSS 6.8
MEDIUM POC PATCH This Month

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy