File Overwrite Vulnerability in Coturn Server by Coturn
CVE-2026-53449
6MEDIUM
What is CVE-2026-53449?
Coturn is an open source implementation of TURN and STUN servers. A vulnerability exists in the psd print sessions dump CLI command prior to version 4.13.0, where an authenticated admin can pass a filename argument to fopen without proper path validation. This allows potential file overwriting, enabling the admin to truncate and overwrite files writable by the Coturn process with session dump data. This issue has been resolved in version 4.13.0.
Affected Version(s)
coturn < 4.13.0
