File Overwrite Vulnerability in Coturn Server by Coturn
CVE-2026-53449

6MEDIUM

Key Information:

Vendor

Coturn

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-53449?

Coturn is an open source implementation of TURN and STUN servers. A vulnerability exists in the psd print sessions dump CLI command prior to version 4.13.0, where an authenticated admin can pass a filename argument to fopen without proper path validation. This allows potential file overwriting, enabling the admin to truncate and overwrite files writable by the Coturn process with session dump data. This issue has been resolved in version 4.13.0.

Affected Version(s)

coturn < 4.13.0

References

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.