Skip to main content

Coturn CVE-2026-53449

| EUVDEUVD-2026-42970 MEDIUM
External Control of File Name or Path (CWE-73)
2026-07-10 GitHub_M
6.0
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
6.0 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
vuln.today AI
6.0 MEDIUM

Local CLI admin access required (AV:L/PR:H); file overwrite without path control yields high integrity impact; critical file corruption causes availability loss; no confidentiality impact.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 19:01 EUVD
Analysis Generated
Jul 10, 2026 - 19:00 vuln.today

DescriptionCVE.org

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable by the coturn process because the command string is used as-is after stripping the psd prefix and leading spaces, allowing truncation and overwrite with session dump data. This issue is fixed in version 4.13.0.

AnalysisAI

Arbitrary file overwrite in Coturn prior to 4.13.0 is possible through the CLI management interface's psd (print sessions dump) command, which passes a user-supplied filename directly to fopen() without any path validation (CWE-73). An authenticated admin with CLI access can overwrite any file writable by the coturn process, potentially corrupting sensitive system files, certificates, or configuration data to achieve privilege escalation or service disruption. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain Coturn CLI admin credentials
Delivery
Access management interface locally or via network
Exploit
Issue psd command with arbitrary target file path
Execution
coturn writes session dump to specified path without validation
Persist
Overwrite sensitive writable file (cron, config, cert)
Impact
Escalate privileges or cause service disruption

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated administrator account with active access to the Coturn CLI management interface - this is enforced by the CVSS PR:H metric and the description's explicit 'authenticated admin with CLI access' qualifier. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H scores 6.0 (Medium), accurately reflecting that this is a local-only, high-privilege attack with no remote exploitation path. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Coturn CLI administrator - either a malicious insider or an attacker who has obtained admin credentials - connects to the management interface and issues a `psd /etc/cron.d/coturn-backdoor` command. The coturn process writes TURN session dump data to the specified cron path without validation, creating or overwriting the file with attacker-influenced content, which the cron daemon may subsequently execute as root. …
Remediation Upgrade to Coturn 4.13.0, the vendor-released patched version available at https://github.com/coturn/coturn/releases/tag/4.13.0, which resolves the missing path validation in the `psd` CLI command. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53449 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy