PatchSiren cyber security CVE debrief
CVE-2026-49848 signalwire CVE debrief
CVE-2026-49848 is a MEDIUM severity vulnerability in FreeSWITCH's mod_verto. Prior to version 1.11.1, mod_verto's check_auth userauth branch wrote request-supplied userVariables into the connection state before comparing the supplied password. The writes are append-only and the connection is not closed on a failed compare, so values declared on bad-password attempts persisted on the same WebSocket and carried into a subsequent successful login on that connection. This issue has been patched in version 1.11.1.
- Vendor: signalwire
- Product: freeswitch
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Users of FreeSWITCH mod_verto prior to version 1.11.1 should update to the latest version to prevent potential authentication bypass attacks.
Technical summary
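The vulnerability is in the userauth branch of check_auth in FreeSWITCH's mod_verto. A request carrying userVariables has those values written into the connection state even when its password is wrong, and because the connection stays open they remain on the WebSocket for a later successful login, potentially leading to authentication bypass.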
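The write-before-compare ordering described in the summary, as an added example: a simplified C model, not FreeSWITCH source and not the actual patch. `struct conn`, `struct login`, `check_auth_before` and `check_auth_after` are hypothetical names, the credentials and variable are constructed, and the hardened ordering is an assumption about one way to close the gap.

```c
/* Added illustration: simplified model, not FreeSWITCH source code. */
#include <stdio.h>
#include <string.h>
#define MAX_VARS 8

struct conn {                       /* hypothetical per-WebSocket state */
    const char *vars[MAX_VARS];
    int nvars, authed;
};
struct login {                      /* hypothetical login request */
    const char *passwd;
    const char *user_vars[MAX_VARS];
    int nuser_vars;
};
typedef int (*check_fn)(struct conn *, const struct login *, const char *);

/* Append-only write of client-declared variables into connection state. */
static void append_vars(struct conn *c, const struct login *r) {
    for (int i = 0; i < r->nuser_vars && c->nvars < MAX_VARS; i++)
        c->vars[c->nvars++] = r->user_vars[i];
}

/* Ordering described for releases before 1.11.1: write, then compare. */
static int check_auth_before(struct conn *c, const struct login *r, const char *real) {
    append_vars(c, r);              /* state mutated before authentication */
    c->authed = strcmp(r->passwd, real) == 0;
    return c->authed;               /* on failure the connection stays open */
}

/* Assumed hardened ordering: compare first, commit only on success. */
static int check_auth_after(struct conn *c, const struct login *r, const char *real) {
    if (strcmp(r->passwd, real) != 0)
        return 0;                   /* nothing from this request is kept */
    append_vars(c, r);
    return (c->authed = 1);
}

/* One failed attempt, then a valid login, on the same connection.
   Returns how many variables the authenticated session ends up holding. */
static int vars_after_login(check_fn check) {
    struct conn c = { {0}, 0, 0 };
    struct login bad  = { "wrong",  { "constructed_var=set_on_failed_attempt" }, 1 };
    struct login good = { "s3cret", {0}, 0 };   /* constructed credentials */
    check(&c, &bad, "s3cret");
    check(&c, &good, "s3cret");
    return c.authed ? c.nvars : -1;
}

int main(void) {
    printf("before: %d leftover, after: %d leftover\n",
           vars_after_login(check_auth_before), vars_after_login(check_auth_after));
    return 0;
}
```

In the model, the first ordering leaves one variable from the rejected request attached to the authenticated session, while the second leaves none.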
Defensive priority
MEDIUM
Recommended defensive actions
- Update FreeSWITCH to version 1.11.1 or later.
- Review and monitor mod_verto configuration and usage.
Evidence notes
The CVE-2026-49848 vulnerability was patched in FreeSWITCH version 1.11.1. For more information, see the [v1.11.1 release](https://github.com/signalwire/freeswitch/releases/tag/v1.11.1) and the [GHSA-j38x-xm7f-9p2f advisory](https://github.com/signalwire/freeswitch/security/advisories/GHSA-j38x-xm7f-9p2f).
Official resources
- CVE-2026-49848 CVE record (CVE.org)
- CVE-2026-49848 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (Release Notes)
- Mitigation or vendor reference (Third Party Advisory)
CVE-2026-49848 was published on [2026-06-09](https://www.cve.org/CVERecord?id=CVE-2026-49848) and last modified on [2026-06-10](https://nvd.nist.gov/vuln/detail/CVE-2026-49848).