CVE-2026-49841: CWE-122: Heap-based Buffer Overflow in signalwire freeswitch
CVE-2026-49841 is a critical heap-based buffer overflow vulnerability in the FreeSWITCH mod_verto HTTP request handler. Versions prior to 1. 11. 1 allocate a fixed 2 MiB buffer for POST requests but accept Content-Length headers up to nearly 10 MiB, leading to a heap overflow of up to approximately 8 MiB before authentication checks. This vulnerability has been patched in version 1. 11. 1.
AI Analysis
Technical Summary
FreeSWITCH's mod_verto HTTP request handler improperly bounds the body-read loop by the Content-Length header rather than the allocated buffer size, which is fixed at 2 MiB. This discrepancy allows an attacker to send a POST request with a Content-Length just under 10 MiB, causing a heap-based buffer overflow of about 8 MiB before HTTP basic authentication is performed. This vulnerability is identified as CWE-122 (Heap-based Buffer Overflow) and CWE-131 (Incorrect Calculation of Buffer Size). It affects all FreeSWITCH versions prior to 1.11.1 and has a CVSS 3.1 base score of 9.8, indicating critical severity. The issue has been fixed in version 1.11.1.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to cause a heap-based buffer overflow, potentially leading to arbitrary code execution, denial of service, or system compromise. The overflow occurs before authentication, increasing the risk of exploitation.
Mitigation Recommendations
Upgrade FreeSWITCH to version 1.11.1 or later, where this vulnerability has been patched. No other mitigations are specified. Patch status is confirmed by the vendor advisory stating the fix is included in version 1.11.1.
CVE-2026-49841: CWE-122: Heap-based Buffer Overflow in signalwire freeswitch
Description
CVE-2026-49841 is a critical heap-based buffer overflow vulnerability in the FreeSWITCH mod_verto HTTP request handler. Versions prior to 1. 11. 1 allocate a fixed 2 MiB buffer for POST requests but accept Content-Length headers up to nearly 10 MiB, leading to a heap overflow of up to approximately 8 MiB before authentication checks. This vulnerability has been patched in version 1. 11. 1.
CVSS v3.1
Score 9.8critical
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
FreeSWITCH's mod_verto HTTP request handler improperly bounds the body-read loop by the Content-Length header rather than the allocated buffer size, which is fixed at 2 MiB. This discrepancy allows an attacker to send a POST request with a Content-Length just under 10 MiB, causing a heap-based buffer overflow of about 8 MiB before HTTP basic authentication is performed. This vulnerability is identified as CWE-122 (Heap-based Buffer Overflow) and CWE-131 (Incorrect Calculation of Buffer Size). It affects all FreeSWITCH versions prior to 1.11.1 and has a CVSS 3.1 base score of 9.8, indicating critical severity. The issue has been fixed in version 1.11.1.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to cause a heap-based buffer overflow, potentially leading to arbitrary code execution, denial of service, or system compromise. The overflow occurs before authentication, increasing the risk of exploitation.
Mitigation Recommendations
Upgrade FreeSWITCH to version 1.11.1 or later, where this vulnerability has been patched. No other mitigations are specified. Patch status is confirmed by the vendor advisory stating the fix is included in version 1.11.1.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-01T18:50:36.057Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a283e9b8dd33fbd8553f495
Added to database: 6/9/2026, 4:26:03 PM
Last enriched: 6/9/2026, 4:40:50 PM
Last updated: 6/10/2026, 7:03:51 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.