Search CVE reports


Toggle filters

1 – 10 of 15 results


CVE-2026-53450

Medium priority
Needs evaluation

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-53449

Medium priority
Needs evaluation

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-53448

Medium priority
Needs evaluation

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-43994

Medium priority
Needs evaluation

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an attacker-supplied OAuth access...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-43915

Medium priority
Needs evaluation

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-40613

Medium priority
Needs evaluation

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-27624

Medium priority
Needs evaluation

Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-69217

Medium priority
Needs evaluation

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-26262

Medium priority
Fixed

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Fixed Fixed
Show less packages

CVE-2020-4067

Medium priority
Fixed

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their...

1 affected package

coturn

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
coturn Fixed Fixed
Show less packages