PatchSiren cyber security CVE debrief
CVE-2026-49847 signalwire CVE debrief
CVE-2026-49847 is a HIGH severity vulnerability in FreeSWITCH, a Software Defined Telecom Stack. A single unauthenticated WebSocket frame with a deeply nested JSON document can crash the FreeSWITCH process via stack overflow, terminating all calls and sessions on the host. The recursion drives the worker thread's stack pointer into the stack guard page, raising SIGSEGV from the kernel before any usable write primitive develops. This issue has been patched in version 1.11.1.
- Vendor: signalwire
- Product: freeswitch
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Anyone running the FreeSWITCH software-defined telecom stack, particularly versions prior to 1.11.1, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is a stack overflow in the FreeSWITCH process, triggered when it handles a deeply nested JSON document received in a WebSocket frame: the recursion over the nested document exhausts the worker thread's stack. An unauthenticated attacker can exploit this to cause a denial of service (DoS) condition.
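The failure mode above can be blocked by bounding nesting depth with a constant-stack scan before a recursive parser ever sees the payload. The following is an added example, not FreeSWITCH code and not the 1.11.1 patch; `json_depth_ok` and `MAX_JSON_DEPTH` are hypothetical names, and the limit of 64 is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit: choose one far below what the parser's thread stack allows. */
#define MAX_JSON_DEPTH 64

/* Returns 1 if object/array nesting in buf never exceeds max_depth, else 0.
 * Iterative, so its own stack use is constant regardless of the input. */
int json_depth_ok(const char *buf, size_t len, size_t max_depth)
{
    size_t depth = 0;
    int in_string = 0;

    for (size_t i = 0; i < len; i++) {
        char c = buf[i];
        if (in_string) {
            if (c == '\\' && i + 1 < len)
                i++;                    /* skip the escaped character */
            else if (c == '"')
                in_string = 0;
            continue;                   /* brackets inside strings do not nest */
        }
        if (c == '"') {
            in_string = 1;
        } else if (c == '{' || c == '[') {
            if (++depth > max_depth)
                return 0;               /* too deep: reject before parsing */
        } else if (c == '}' || c == ']') {
            if (depth == 0)
                return 0;               /* unbalanced close: malformed */
            depth--;
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed samples: 1000 nested arrays, and a shallow document. */
    static char deep[2000];
    memset(deep, '[', 1000);
    memset(deep + 1000, ']', 1000);
    const char *ok = "{\"a\":[1,{\"b\":\"[[[[\"}]}";
    printf("deep accepted: %d\n", json_depth_ok(deep, sizeof deep, MAX_JSON_DEPTH));
    printf("ok accepted:   %d\n", json_depth_ok(ok, strlen(ok), MAX_JSON_DEPTH));
    return 0;
}
```

This is a pre-filter, not a JSON validator: it only guarantees that a document it accepts cannot drive a recursive-descent parser deeper than the chosen limit.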
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to FreeSWITCH version 1.11.1 or later.
- Restrict access to the WebSocket interface so that only trusted clients can reach it, since the flaw is reachable without authentication.
Evidence notes
The vulnerability is documented in the official CVE record [cve-org] and the NVD detail page [nvd].
Official resources
- CVE-2026-49847 CVE record (CVE.org)
- CVE-2026-49847 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Release Notes
- Mitigation or vendor reference: Third Party Advisory
CVE-2026-49847 was published on 2026-06-09T17:17:48.320Z and modified on 2026-06-10T15:06:45.590Z.