CVE-2026-49840
9.1 CRITICALFreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implem...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 9.1 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- CWE
- CWE-122, CWE-195, CWE-20, CWE-787
Description
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the result straight to malloc(len + 1) with no sign or magnitude check. A malicious or man-in-the-middle ESL peer can send a frame with a negative Content-Length to corrupt the heap of, or crash, any process linked against libesl, before the client has authenticated to that peer. This issue has been patched in version 1.11.1.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-45542 — ESF-IDF is the Espressif Internet of Things (IOT) Development Framework (7.1 HIGH)
- CVE-2026-45329 — ESF-IDF is the Espressif Internet of Things (IOT) Development Framework (7.1 HIGH)
- CVE-2026-45328 — ESF-IDF is the Espressif Internet of Things (IOT) Development Framework (9.3 CRITICAL)
- CVE-2026-44634 — SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE)
- CVE-2026-41727 — Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them (6.5 MEDIUM)