PT-2026-39291 · Unknown · Elixir Webrtc
Songxpu
Published: 2026-05-08 · Updated: 2026-05-15
CVE-2026-44700
CVSS v4.0: 8.7 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Elixir WebRTC versions prior to 0.15.1
Elixir WebRTC versions prior to 0.16.1
Description
Missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. When acting as the DTLS client, the fingerprint check was skipped on the handshake-completion code path that returns no outgoing packets. This occurs most commonly when a media server or SFU answers a browser's offer. While not independently exploitable for media interception in standard deployments, this issue enables a full man-in-the-middle attack on audio/video media (SRTP) and data channels (SCTP-over-DTLS) if combined with insecure signalling, a compromised signalling server, or a peer with similar validation gaps.
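The check the description refers to is the comparison of the DTLS peer certificate's hash against the a=fingerprint attribute signalled in the remote SDP. The following is an added illustration, not code from the Elixir WebRTC project: it parses the attribute, hashes a constructed stand-in for the DER certificate, compares in constant time, and runs the check on every handshake-completion path, including the one where the DTLS stack returns no outgoing packets. The SDP, certificate bytes, state type and function names are all assumptions made for the example.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Digest algorithms accepted in an SDP a=fingerprint attribute (RFC 8122 names).
# MD5 and SHA-1 are intentionally absent.
_ALLOWED = {
    "sha-256": hashlib.sha256,
    "sha-384": hashlib.sha384,
    "sha-512": hashlib.sha512,
}

_FP_RE = re.compile(
    r"^a=fingerprint:(?P<alg>[A-Za-z0-9-]+)\s+"
    r"(?P<fp>(?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})\s*$"
)

# Constructed stand-ins for DER-encoded certificates; real code hashes the
# certificate bytes received during the DTLS handshake.
PEER_CERT_DER = b"\x30\x82\x01\x0a-constructed-legitimate-peer-cert"
MITM_CERT_DER = b"\x30\x82\x01\x0a-constructed-substituted-cert"


def parse_fingerprint(sdp: str) -> Tuple[str, str]:
    """Return (algorithm, upper-case fingerprint) from the first a=fingerprint line."""
    for line in sdp.splitlines():
        m = _FP_RE.match(line.strip())
        if m:
            alg = m.group("alg").lower()
            if alg not in _ALLOWED:
                raise ValueError(f"unsupported fingerprint algorithm: {alg}")
            return alg, m.group("fp").upper()
    raise ValueError("no a=fingerprint attribute in remote SDP")


def cert_fingerprint(cert_der: bytes, alg: str) -> str:
    """Colon-separated upper-case hex digest of the DER certificate, SDP style."""
    digest = _ALLOWED[alg](cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)


def fingerprint_matches(cert_der: bytes, remote_sdp: str) -> bool:
    alg, expected = parse_fingerprint(remote_sdp)
    actual = cert_fingerprint(cert_der, alg)
    # Constant-time compare; both strings have the fixed length of the digest.
    return hmac.compare_digest(actual.encode(), expected.encode())


def build_remote_sdp(cert_der: bytes) -> str:
    """Minimal constructed browser offer carrying the fingerprint of cert_der."""
    return "\n".join([
        "v=0",
        "a=setup:actpass",
        f"a=fingerprint:sha-256 {cert_fingerprint(cert_der, 'sha-256')}",
    ])


@dataclass
class DtlsClientState:
    """Assumed per-connection state of the DTLS client (active) side."""
    remote_sdp: str
    peer_cert_der: Optional[bytes] = None
    authenticated: bool = False
    failure: Optional[str] = None


def on_handshake_complete(state: DtlsClientState, outgoing: List[bytes]) -> List[bytes]:
    """Called when the DTLS stack reports handshake completion.

    The fingerprint check runs on every completion, including the path where the
    stack hands back no packets to flush; checking only when `outgoing` is
    non-empty leaves the client side unauthenticated.
    """
    try:
        ok = state.peer_cert_der is not None and fingerprint_matches(
            state.peer_cert_der, state.remote_sdp
        )
        reason = "peer certificate does not match signalled a=fingerprint"
    except ValueError as exc:  # missing or malformed attribute: fail closed
        ok, reason = False, str(exc)
    if not ok:
        state.authenticated = False
        state.failure = reason
        return []  # nothing is sent; the caller tears the connection down
    state.authenticated = True
    return outgoing


def demo() -> dict:
    """Legitimate peer vs. substituted certificate, both on the no-outgoing-packets path."""
    remote_sdp = build_remote_sdp(PEER_CERT_DER)
    good = DtlsClientState(remote_sdp=remote_sdp, peer_cert_der=PEER_CERT_DER)
    mitm = DtlsClientState(remote_sdp=remote_sdp, peer_cert_der=MITM_CERT_DER)
    on_handshake_complete(good, [])
    on_handshake_complete(mitm, [])
    return {"good": good.authenticated, "mitm": mitm.authenticated, "mitm_failure": mitm.failure}


if __name__ == "__main__":
    print(demo())
```

The point of `on_handshake_complete` is that the decision to authenticate depends only on the certificate and the signalled fingerprint, never on whether there happen to be packets to send; a deployment reviewing its own DTLS client code can look for exactly that independence.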
Recommendations
Update to version 0.15.1.
Update to version 0.16.1.
Fix
Weakness Enumeration
Improper Certificate Validation
Related Identifiers
Affected Products
Elixir Webrtc