CVE-2026-44700— ex_webrtc 信任管理问题漏洞

Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1.

N/A

证书验证不恰当

ex_webrtc 信任管理问题漏洞

ex_webrtc是Elixir WebRTC开源的一个基于Elixir语言的WebRTC实时通信库。 ex_webrtc 0.15.1之前版本和0.16.1之前版本存在信任管理问题漏洞，该漏洞源于DTLS客户端角色缺少对等证书指纹验证，可能导致中间人攻击。

N/A

N/A