CVE-2026-49475 HIGH

CVE-2026-49475: FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing

Vendor Signalwire
Product freeswitch
Weakness CWE-20 · Input validation
Published June 9, 2026
Last update June 9, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0.
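The missing check described above, shown as an added example that is not FreeSWITCH code: a STUN attribute walker that rejects an attribute whose declared length is smaller than the structure it is about to be read as. The function names, the struct and the choice of MAPPED-ADDRESS as the representative attribute are assumptions made for illustration; the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STUN_HDR_LEN 20u
#define ATTR_MAPPED_ADDRESS 0x0001u

/* IPv4 address attribute value as laid out on the wire (8 bytes, RFC 5389). */
typedef struct { uint8_t zero, family; uint16_t port; uint32_t addr; } addr_value_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* 0 = found (*out filled, port/addr still in network byte order),
 * 1 = well-formed but attribute absent, -1 = malformed packet. */
int stun_find_mapped_address(const uint8_t *pkt, size_t len, addr_value_t *out)
{
    if (len < STUN_HDR_LEN) return -1;
    size_t body = rd16(pkt + 2);                 /* header message length */
    if (body % 4 != 0 || body > len - STUN_HDR_LEN) return -1;
    const uint8_t *p = pkt + STUN_HDR_LEN, *end = p + body;

    while ((size_t)(end - p) >= 4) {
        uint16_t type = rd16(p), alen = rd16(p + 2);
        size_t padded = ((size_t)alen + 3u) & ~(size_t)3u;
        p += 4;
        if (padded > (size_t)(end - p)) return -1;   /* value overruns the message */
        if (type == ATTR_MAPPED_ADDRESS) {
            /* Declared length must cover the whole structure before any field
             * is read or rewritten; a shorter attribute is rejected. */
            if (alen < sizeof(addr_value_t)) return -1;
            memcpy(out, p, sizeof *out);             /* copy instead of casting */
            return 0;
        }
        p += padded;
    }
    return p == end ? 1 : -1;
}

/* Constructed sample: 20-byte header plus one MAPPED-ADDRESS attribute that
 * declares `declared` bytes of value (multiple of 4, at most 8). */
int demo_parse(uint16_t declared)
{
    uint8_t pkt[32] = { 0x01, 0x01, 0x00, (uint8_t)(4 + declared),
                        0x21, 0x12, 0xA4, 0x42 };   /* type, length, magic cookie */
    addr_value_t v;
    pkt[21] = 0x01;                       /* attribute type 0x0001 */
    pkt[23] = (uint8_t)declared;          /* attribute length */
    pkt[25] = 0x01;                       /* family IPv4 (value byte 1) */
    return stun_find_mapped_address(pkt, STUN_HDR_LEN + 4u + declared, &v);
}
```

Copying the value with `memcpy` after the length check, rather than casting the buffer pointer to the struct type, also avoids unaligned access on the media buffer.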

Key dates

02 Disclosure timeline

June 9, 2026 CVE published
June 9, 2026 Record updated