Description
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations without a depth or count bound, so a small DTD can describe a body that expands exponentially ("billion laughs"). The PIDF body of a SIP PUBLISH is fed to this parser before any digest check, letting an unauthenticated network attacker force unbounded CPU and memory consumption with a single request. This issue has been patched in version 1.11.0.
Published: 2026-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FreeSWITCH contains an XML parser that expands nested !ENTITY declarations without limits. When a SIP PUBLISH message contains a PIDF body with such entities, the parser processes them before authentication, allowing an attacker to trigger exponential growth of data and consume excessive CPU and memory, ultimately causing a denial of service to the application.

Affected Systems

SignalWire’s FreeSWITCH stack prior to version 1.11.0 is affected. Any deployment using the bundled XML parser in those releases is vulnerable.

Risk and Exploitability

The CVSS score of 7.5 reflects a high impact threat. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can target the SIP service remotely, send a crafted SIP PUBLISH request, and reach the unbounded expansion condition without authentication. The flaw can be leveraged to exhaust system resources and bring services down.

Generated by OpenCVE AI on June 9, 2026 at 17:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeSWITCH to version 1.11.0 or later, which includes the XML parser fix.
  • Restrict SIP traffic by blocking or rate-limiting PUBLISH requests from untrusted networks, or enforce strict authentication before any XML parsing occurs.
  • Monitor CPU and memory usage for anomalies linked to SIP traffic and apply rapid containment measures if any sudden spikes are detected.
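The pre-parse gate that the recommended actions call for, as an added example that is neither FreeSWITCH's nor OpenCVE's code: it computes what a body's internal DTD would expand to without ever building the expanded string, so a hostile PIDF body is rejected before any XML parser (or digest check) touches it. The limits, function names and the two sample bodies are assumptions; the guard handles only internal general entities and treats every other entity form, recursion, or an undeclared reference as unsafe.

```python
import re

# Internal general entities only: parameter (<!ENTITY % ...>) and external (SYSTEM/PUBLIC) forms never match.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([A-Za-z_][\w.-]*)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([A-Za-z_][\w.-]*);')
DOCTYPE = re.compile(r'<!DOCTYPE[^\[>]*(?:\[.*?\])?\s*>', re.S)
BUILTIN = {"lt", "gt", "amp", "quot", "apos"}  # predefined entities, one character each

class EntityExpansionError(ValueError):
    """The body's entity structure is unsafe to hand to a real XML parser."""

def expansion_cost(xml, max_entities=16, max_expanded=4096):
    """Characters the document would occupy after full expansion, computed arithmetically."""
    decls = {name: dq or sq for name, dq, sq in ENTITY_DECL.findall(xml)}
    if xml.count("<!ENTITY") != len(decls) or len(decls) > max_entities:
        raise EntityExpansionError("unsupported or too many entity declarations")
    sizes, in_progress = {}, set()
    def cost(text):  # expanded length of an entity value or of the element content
        total = len(ENTITY_REF.sub("", text))
        for ref in ENTITY_REF.findall(text):
            total += size_of(ref)
            if total > max_expanded:
                raise EntityExpansionError(f"expansion exceeds {max_expanded} characters")
        return total
    def size_of(name):  # memoised expanded length of one entity; detects recursion
        if name in BUILTIN:
            return 1
        if name not in sizes:
            if name not in decls:
                raise EntityExpansionError(f"undeclared entity &{name};")
            if name in in_progress:
                raise EntityExpansionError(f"recursive entity &{name};")
            in_progress.add(name)
            sizes[name] = cost(decls[name])
        return sizes[name]
    # Strip the internal subset so references inside declarations are not counted twice.
    return cost(DOCTYPE.sub("", xml, count=1))

def is_safe_body(xml):  # gate for a SIP PUBLISH body, run before any XML parser sees it
    try:
        expansion_cost(xml)
    except EntityExpansionError:
        return False
    return True

# Constructed samples (hypothetical): a plain PIDF document, and a body whose four-level DTD
# describes 2 * 8**4 = 8192 characters of content in roughly 200 bytes.
BENIGN_PIDF = ('<presence xmlns="urn:ietf:params:xml:ns:pidf" entity="sip:alice@example.com">'
               '<tuple id="t1"><status><basic>open</basic></status></tuple></presence>')
NESTED_DTD = ('<!DOCTYPE presence [<!ENTITY a "ha"><!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;">'
              '<!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;"><!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;">'
              '<!ENTITY e "&d;&d;&d;&d;&d;&d;&d;&d;">]><presence>&e;</presence>')
```

Because each reference is costed by the referent's already-computed size, the check stays linear in the number of declarations no matter how large the described expansion is.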

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 15:15:00 +0000

  Type                 Values Removed   Values Added
  First Time appeared  (none)           Freeswitch; Freeswitch freeswitch
  CPEs                 (none)           cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*
  Vendors & Products   (none)           Freeswitch; Freeswitch freeswitch

Tue, 09 Jun 2026 19:30:00 +0000

  Type                 Values Removed   Values Added
  Metrics              (none)           ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 19:00:00 +0000

  Type                 Values Removed   Values Added
  First Time appeared  (none)           Signalwire; Signalwire freeswitch
  Vendors & Products   (none)           Signalwire; Signalwire freeswitch

Tue, 09 Jun 2026 16:30:00 +0000

  Type                 Values Removed   Values Added
  Description          (none)           FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations without a depth or count bound, so a small DTD can describe a body that expands exponentially ("billion laughs"). The PIDF body of a SIP PUBLISH is fed to this parser before any digest check, letting an unauthenticated network attacker force unbounded CPU and memory consumption with a single request. This issue has been patched in version 1.11.0.
  Title                (none)           Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion
  Weaknesses           (none)           CWE-776
  References           (none)           (none)
  Metrics              (none)           cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-09T18:24:19.380Z

Reserved: 2026-05-13T07:45:21.251Z

Link: CVE-2026-45771

Vulnrichment

Updated: 2026-06-09T18:24:11.618Z

NVD

Status : Analyzed

Published: 2026-06-09T17:17:33.303

Modified: 2026-06-10T15:04:37.370

Link: CVE-2026-45771

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T18:45:06Z

Weaknesses