PT-2026-41997 · Live555 · Live555
Vulncheck · Published 2026-05-19 · Updated 2026-05-28 · CVE-2026-41470
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
LIVE555 versions prior to 2026.04.22
Description
An authorization bypass exists in the RTSP session command handling. This allows attackers to replay valid Session tokens from unauthenticated connections. By obtaining a valid Session token, an attacker can issue 'PLAY' and 'TEARDOWN' commands from a separate TCP connection without authentication. This can lead to server crashes due to virtual function call errors or the disruption of active streams by terminating victim sessions.
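A detection sketch for the replay pattern described above, added here as an example and not taken from LIVE555 or from this advisory: it flags 'PLAY' or 'TEARDOWN' requests that a server accepted for an existing Session from a connection other than the one that completed SETUP, when the request carried no valid credentials. The key=value log format, its field names and the sample lines are constructed assumptions; the parser has to be adapted to the logs of the RTSP server or proxy in use.

```python
import re
from typing import NamedTuple

# Constructed sample log in a hypothetical key=value format (not LIVE555 output).
SAMPLE_LOG = """\
t=1 conn=7 method=DESCRIBE session=- auth=ok status=200
t=2 conn=7 method=SETUP session=A1B2C3D4 auth=ok status=200
t=3 conn=7 method=PLAY session=A1B2C3D4 auth=ok status=200
t=4 conn=9 method=SETUP session=0F0F0F0F auth=ok status=200
t=5 conn=12 method=PLAY session=A1B2C3D4 auth=none status=200
t=6 conn=15 method=PLAY session=0F0F0F0F auth=ok status=200
t=7 conn=12 method=TEARDOWN session=A1B2C3D4 auth=none status=200
t=8 conn=12 method=PLAY session=A1B2C3D4 auth=none status=454
"""

# Session-scoped commands named in the advisory.
SESSION_COMMANDS = {"PLAY", "TEARDOWN"}


class Alert(NamedTuple):
    t: str
    conn: str
    method: str
    session: str
    owner_conn: str


def find_session_replays(log: str) -> list[Alert]:
    """Flag accepted session commands sent without credentials from a
    connection other than the one that set the session up."""
    owners: dict[str, str] = {}  # session id -> connection that completed SETUP
    alerts: list[Alert] = []
    for line in log.splitlines():
        ev = dict(re.findall(r"(\w+)=(\S+)", line))
        sid, conn, method = ev.get("session", "-"), ev.get("conn"), ev.get("method")
        if sid == "-" or conn is None or ev.get("status") != "200":
            continue  # no session, malformed line, or request rejected
        if method == "SETUP":
            owners.setdefault(sid, conn)
        elif method in SESSION_COMMANDS and sid in owners:
            # An authenticated reconnect (auth=ok) is legitimate and not flagged.
            if conn != owners[sid] and ev.get("auth") != "ok":
                alerts.append(Alert(ev.get("t", "?"), conn, method, sid, owners[sid]))
            if method == "TEARDOWN":
                del owners[sid]  # session is gone after an accepted TEARDOWN
    return alerts


if __name__ == "__main__":
    for a in find_session_replays(SAMPLE_LOG):
        print(f"t={a.t} conn={a.conn} {a.method} session={a.session} (owner conn={a.owner_conn})")
```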
Recommendations
Update to version 2026.04.22.
Weakness Enumeration
Incorrect Authorization
Affected Products
Live555