CVE-2026-45771: CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') in signalwire freeswitch
FreeSWITCH versions prior to 1. 11. 0 contain a vulnerability in their bundled XML parser where nested <! ENTITY> declarations are expanded without limits, leading to exponential resource consumption (the 'billion laughs' attack). This occurs when processing the PIDF body of a SIP PUBLISH request before authentication, allowing unauthenticated attackers to cause denial of service by exhausting CPU and memory. The issue is fixed in version 1. 11. 0.
AI Analysis
Technical Summary
CVE-2026-45771 describes an XML entity expansion vulnerability (CWE-776) in FreeSWITCH's bundled XML parser before version 1.11.0. The parser expands recursive nested <!ENTITY> declarations without bounding depth or count, enabling an attacker to craft a small DTD that expands exponentially, causing unbounded CPU and memory consumption. This vulnerability is exploitable via the PIDF body of a SIP PUBLISH request, which is parsed prior to any authentication checks, allowing unauthenticated network attackers to trigger denial of service conditions. The vulnerability has been patched in FreeSWITCH version 1.11.0.
Potential Impact
An unauthenticated remote attacker can cause a denial of service by sending a specially crafted SIP PUBLISH request containing a malicious PIDF body with recursive XML entities. This leads to unbounded CPU and memory consumption on the affected FreeSWITCH server, potentially disrupting telecom services. There is no impact on confidentiality or integrity reported.
Mitigation Recommendations
Upgrade FreeSWITCH to version 1.11.0 or later, where the XML parser has been patched to limit recursive entity expansion. Since the vulnerability is fixed in 1.11.0, applying this official update fully mitigates the issue. No other vendor advisories or temporary fixes are indicated.
CVE-2026-45771: CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') in signalwire freeswitch
Description
FreeSWITCH versions prior to 1. 11. 0 contain a vulnerability in their bundled XML parser where nested <! ENTITY> declarations are expanded without limits, leading to exponential resource consumption (the 'billion laughs' attack). This occurs when processing the PIDF body of a SIP PUBLISH request before authentication, allowing unauthenticated attackers to cause denial of service by exhausting CPU and memory. The issue is fixed in version 1. 11. 0.
CVSS v3.1
Score 7.5high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-45771 describes an XML entity expansion vulnerability (CWE-776) in FreeSWITCH's bundled XML parser before version 1.11.0. The parser expands recursive nested <!ENTITY> declarations without bounding depth or count, enabling an attacker to craft a small DTD that expands exponentially, causing unbounded CPU and memory consumption. This vulnerability is exploitable via the PIDF body of a SIP PUBLISH request, which is parsed prior to any authentication checks, allowing unauthenticated network attackers to trigger denial of service conditions. The vulnerability has been patched in FreeSWITCH version 1.11.0.
Potential Impact
An unauthenticated remote attacker can cause a denial of service by sending a specially crafted SIP PUBLISH request containing a malicious PIDF body with recursive XML entities. This leads to unbounded CPU and memory consumption on the affected FreeSWITCH server, potentially disrupting telecom services. There is no impact on confidentiality or integrity reported.
Mitigation Recommendations
Upgrade FreeSWITCH to version 1.11.0 or later, where the XML parser has been patched to limit recursive entity expansion. Since the vulnerability is fixed in 1.11.0, applying this official update fully mitigates the issue. No other vendor advisories or temporary fixes are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-13T07:45:21.251Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a283e988dd33fbd8553f3eb
Added to database: 6/9/2026, 4:26:00 PM
Last enriched: 6/9/2026, 4:41:10 PM
Last updated: 6/10/2026, 7:17:52 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.