CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-49472

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIX(prologTok)(), in libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c, which was cloned from an outdated and vulnerable version in libexpat/libexpat. The function did not receive the corresponding security patch. This issue has been patched in version 1.11.0.

Exploit prediction scoring system (EPSS) score

CVSS Severity

CVSS v3 Score 5.3

References

https://github.com/signalwire/freeswitch/releases/tag/v1.11.0
https://github.com/signalwire/freeswitch/security/advisories/GHSA-4jm3-xpcm-mwwq

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-49472

Products

Pricing

Contact Us