signalwire Latest High & Critical Vulnerabilities

Latest High & Critical vulnerabilities published by signalwire

JSON RSS CSV 🔔 Create Alert Trigger

9 June 2026

FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON
CVE-2026-49847
SignalwireFreeswitch7.5HIGH
FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames
CVE-2026-49842
SignalwireFreeswitch7.5HIGH
FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read
CVE-2026-49841
SignalwireFreeswitch9.8CRITICAL
FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing
CVE-2026-49840
SignalwireFreeswitch9.1CRITICAL
FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing
CVE-2026-49475
SignalwireFreeswitch7.5HIGH
Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion
CVE-2026-45771
SignalwireFreeswitch7.5HIGH

27 December 2023

FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation
CVE-2023-51443
SignalwireFreeswitch7.5HIGH

15 September 2023

FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID
CVE-2023-40018
signalwirefreeswitch7.5HIGH

25 October 2021

18 October 2021

Information Disclosure Vulnerability in SignalWire FreeSWITCH Software
CVE-2021-36513
SignalwireFreeswitch7.5HIGH