Mcdcam

**Name of the Vulnerable Software and Affected Versions** Sunshine versions 0.23.1 and earlier **Description** Sunshine is a self-hosted game stream host for Moonlight. The pairing protocol implementation does not validate request order, making it vulnerable to a MITM attack. This potentially allows an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. A remote attacker may also use this bug to crash Sunshine. **Recommendations** For Sunshine versions 0.23.1 and earlier, update to version 2025.118.151840 or later to resolve the issue. As a temporary workaround, consider restricting access to the pairing protocol to minimize the risk of exploitation.