By vendor
Freeswitch vulnerabilities
Known CVEs affecting Freeswitch products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-45771HIGH 7.5
FreeSWITCH versions before 1.11.0 contain a denial-of-service vulnerability in their XML parser that allows an unauthenticated attacker to crash or severely degrade the system by sending a specially crafted SIP message. The attack exploits a classic "billion laughs" XML expansion flaw, where nested entity definitions cause exponential memory and CPU consumption. Because the malicious payload is processed before authentication checks, an attacker on the network can trigger the vulnerability without credentials—a single request is enough to cause significant resource exhaustion.