
CVE-2026-44700

Published 14/05/2026 21:16 · Modified 15/05/2026 14:53

Labels: CVE-2026-44700, 2026-05-14, CWE-295, [email protected]

Essential information

Published
14/05/2026 21:16
Modified
15/05/2026 14:53
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

Product | CPE
elixir org / webrtc | cpe:2.3:a:elixir_org:webrtc:<0.15.1:*:*:*:*:*:*:*
elixir org / webrtc | cpe:2.3:a:elixir_org:webrtc:<0.16.1:*:*:*:*:*:*:*

References