These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-49848 is a MEDIUM severity vulnerability in FreeSWITCH's mod_verto. Prior to version 1.11.1, mod_verto's check_auth userauth branch wrote request-supplied userVariables into the connection state before comparing the supplied password. The writes are append-only and the connection is not closed on a failed compare, so values declared on bad-password attempts persisted on the same WebSocket and car [truncated]
CVE-2026-49847 is a HIGH severity vulnerability in FreeSWITCH, a Software Defined Telecom Stack. A single unauthenticated WebSocket frame with a deeply nested JSON document can crash the FreeSWITCH process via stack overflow, terminating all calls and sessions on the host. The recursion drives the worker thread's stack pointer into the stack guard page, raising SIGSEGV from the kernel before any usable wr [truncated]
CVE-2026-49843 is a MEDIUM severity vulnerability in FreeSWITCH's mod_verto JSON-RPC handler. An unauthenticated attacker could evict a legitimate client by hijacking a target session UUID, allowing them to disrupt communication. This issue was patched in version 1.11.1.
CVE-2026-49842 is a HIGH severity vulnerability in FreeSWITCH's mod_verto. Prior to version 1.11.1, the WebSocket frame loop intercepted a #-prefixed speed-test protocol (#SPU / #SPB / #SPE) before any authentication check. An unauthenticated peer could request up to INT_MAX bytes, causing the server to write roughly size * 10 bytes back during the download phase, resulting in strong outbound bandwidth ampli [truncated]
CVE-2026-49841 is a critical heap overflow vulnerability in FreeSWITCH, a Software Defined Telecom Stack. The vulnerability exists in the mod_verto HTTP request handler, where a fixed 2 MiB buffer is allocated for a POST application/x-www-form-urlencoded body, but the Content-Length is accepted up to just under 10 MiB. This allows for an attacker-controlled heap overflow of up to ~8 MiB before the HTTP ba [truncated]
CVE-2026-49840 is a critical vulnerability in FreeSWITCH, a Software Defined Telecom Stack. A malicious ESL peer can send a frame with a negative Content-Length to corrupt the heap of, or crash, any process linked against libesl, before the client has authenticated to that peer. This issue has been patched in version 1.11.1.
CVE-2026-49475 is a HIGH severity vulnerability in FreeSWITCH, a Software Defined Telecom Stack. Prior to version 1.11.0, a specially crafted STUN packet can be used to cause an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0.
CVE-2026-49472 is a vulnerability in FreeSWITCH, a Software Defined Telecom Stack. The vulnerable function, PREFIX(prologTok)() in libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c, was cloned from an outdated and vulnerable version in libexpat/libexpat and did not receive the corresponding security patch. This issue has been patched in version 1.11.0. The vulnerab [truncated]