CVE-2026-49847: CWE-674: Uncontrolled Recursion in signalwire freeswitch
FreeSWITCH versions prior to 1. 11. 1 contain a vulnerability where an unauthenticated WebSocket frame with a deeply nested JSON document causes uncontrolled recursion, leading to a stack overflow and process crash. This results in termination of all calls and sessions on the affected host. The issue has been patched in version 1. 11. 1.
AI Analysis
Technical Summary
CVE-2026-49847 is a high-severity vulnerability in FreeSWITCH before version 1.11.1. It involves uncontrolled recursion triggered by a single unauthenticated WebSocket frame containing a deeply nested JSON document. This recursion causes the worker thread's stack pointer to exceed the stack guard page, resulting in a SIGSEGV crash from the kernel. The crash terminates the FreeSWITCH process, disrupting all active calls and sessions. The vulnerability is classified under CWE-674 (Uncontrolled Recursion) and has a CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The issue has been fixed in FreeSWITCH version 1.11.1.
Potential Impact
An attacker can cause a denial of service by sending a specially crafted unauthenticated WebSocket frame with a deeply nested JSON document, crashing the FreeSWITCH process. This results in termination of all calls and sessions on the host, causing service disruption. There is no confidentiality or integrity impact reported.
Mitigation Recommendations
Upgrade FreeSWITCH to version 1.11.1 or later, where this vulnerability has been patched. No other mitigation or temporary workaround is indicated. Patch status is confirmed by the vendor advisory stating the fix is in version 1.11.1.
CVE-2026-49847: CWE-674: Uncontrolled Recursion in signalwire freeswitch
Description
FreeSWITCH versions prior to 1. 11. 1 contain a vulnerability where an unauthenticated WebSocket frame with a deeply nested JSON document causes uncontrolled recursion, leading to a stack overflow and process crash. This results in termination of all calls and sessions on the affected host. The issue has been patched in version 1. 11. 1.
CVSS v3.1
Score 7.5high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-49847 is a high-severity vulnerability in FreeSWITCH before version 1.11.1. It involves uncontrolled recursion triggered by a single unauthenticated WebSocket frame containing a deeply nested JSON document. This recursion causes the worker thread's stack pointer to exceed the stack guard page, resulting in a SIGSEGV crash from the kernel. The crash terminates the FreeSWITCH process, disrupting all active calls and sessions. The vulnerability is classified under CWE-674 (Uncontrolled Recursion) and has a CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The issue has been fixed in FreeSWITCH version 1.11.1.
Potential Impact
An attacker can cause a denial of service by sending a specially crafted unauthenticated WebSocket frame with a deeply nested JSON document, crashing the FreeSWITCH process. This results in termination of all calls and sessions on the host, causing service disruption. There is no confidentiality or integrity impact reported.
Mitigation Recommendations
Upgrade FreeSWITCH to version 1.11.1 or later, where this vulnerability has been patched. No other mitigation or temporary workaround is indicated. Patch status is confirmed by the vendor advisory stating the fix is in version 1.11.1.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-01T22:03:19.640Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a283e9b8dd33fbd8553f4a1
Added to database: 6/9/2026, 4:26:03 PM
Last enriched: 6/9/2026, 4:40:40 PM
Last updated: 6/9/2026, 5:34:50 PM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.