Coturn is an open-source STUN/TURN server implementation that enables NAT traversal for WebRTC and other real-time communication applications. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation issues due to input validation failures and insecure default configurations. The project has addressed five CVEs to date, with several RCE vulnerabilities allowing unauthenticated attackers to execute arbitrary code through specially crafted packets. While no major public security incidents have been documented, the persistent discovery of critical vulnerabilities in its networking components highlights the importance of regular updates and hardening for production deployments.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40613 | Coturn: Misaligned Memory Access in coturn STUN Attribute Parser (Remote DoS on ARM64) | coturn | CWE-704 | 7.5 | High | 2026-04-21 |
| CVE-2026-27624 | Coturn: IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL | coturn | CWE-284 | 7.2 | High | 2026-02-25 |
| CVE-2025-69217 | Coturn has unsafe nonce and relay port randomization due to weak random number generation. | coturn | CWE-338 | 7.7 | High | 2025-12-30 |
| CVE-2020-26262 | Loopback bypass in Coturn | coturn | CWE-441 | 7.2 | High | 2021-01-13 |
| CVE-2020-4067 | Improper Initialization in coturn | coturn | CWE-665 | 7.0 | High | 2020-06-29 |
This page lists every published CVE security advisory associated with coturn. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.