CVE-2026-49842: CWE-400: Uncontrolled Resource Consumption in signalwire freeswitch
FreeSWITCH versions prior to 1. 11. 1 contain a vulnerability in the mod_verto WebSocket frame loop where an unauthenticated attacker can send specially crafted speed-test protocol requests with large payload sizes. This leads to uncontrolled resource consumption due to outbound bandwidth amplification of roughly 20 GB per request. The issue is fixed in version 1. 11. 1.
AI Analysis
Technical Summary
CVE-2026-49842 is an uncontrolled resource consumption vulnerability (CWE-400) in FreeSWITCH's mod_verto module before version 1.11.1. The vulnerability arises because the WebSocket frame loop intercepts #-prefixed speed-test protocol messages (#SPU / #SPB / #SPE) before any authentication. The payload size declared in the #SPU message is parsed using atoi() and only non-positive values are rejected, allowing an unauthenticated attacker to specify payload sizes up to INT_MAX. This causes the server to send approximately size * 10 bytes back during the download phase, resulting in significant outbound bandwidth amplification (around 20 GB per request). This can lead to denial of service through resource exhaustion. The vulnerability has been patched in FreeSWITCH version 1.11.1.
Potential Impact
An unauthenticated attacker can exploit this vulnerability to cause a denial of service by forcing the server to consume excessive outbound bandwidth, potentially disrupting service availability. There is no impact on confidentiality or integrity reported.
Mitigation Recommendations
Upgrade FreeSWITCH to version 1.11.1 or later, where this vulnerability has been patched. Patch status is confirmed by the vendor advisory indicating the fix in version 1.11.1. No other mitigations are specified.
CVE-2026-49842: CWE-400: Uncontrolled Resource Consumption in signalwire freeswitch
Description
FreeSWITCH versions prior to 1. 11. 1 contain a vulnerability in the mod_verto WebSocket frame loop where an unauthenticated attacker can send specially crafted speed-test protocol requests with large payload sizes. This leads to uncontrolled resource consumption due to outbound bandwidth amplification of roughly 20 GB per request. The issue is fixed in version 1. 11. 1.
CVSS v3.1
Score 7.5high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-49842 is an uncontrolled resource consumption vulnerability (CWE-400) in FreeSWITCH's mod_verto module before version 1.11.1. The vulnerability arises because the WebSocket frame loop intercepts #-prefixed speed-test protocol messages (#SPU / #SPB / #SPE) before any authentication. The payload size declared in the #SPU message is parsed using atoi() and only non-positive values are rejected, allowing an unauthenticated attacker to specify payload sizes up to INT_MAX. This causes the server to send approximately size * 10 bytes back during the download phase, resulting in significant outbound bandwidth amplification (around 20 GB per request). This can lead to denial of service through resource exhaustion. The vulnerability has been patched in FreeSWITCH version 1.11.1.
Potential Impact
An unauthenticated attacker can exploit this vulnerability to cause a denial of service by forcing the server to consume excessive outbound bandwidth, potentially disrupting service availability. There is no impact on confidentiality or integrity reported.
Mitigation Recommendations
Upgrade FreeSWITCH to version 1.11.1 or later, where this vulnerability has been patched. Patch status is confirmed by the vendor advisory indicating the fix in version 1.11.1. No other mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-01T18:50:36.057Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a283e9b8dd33fbd8553f499
Added to database: 6/9/2026, 4:26:03 PM
Last enriched: 6/9/2026, 4:40:45 PM
Last updated: 6/9/2026, 5:34:50 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.