Vulnerability-Lookup

CVE-2026-44700 (GCVE-0-2026-44700)

Vulnerability from cvelistv5 – Published: 2026-05-14 20:51 – Updated: 2026-05-15 11:22

Title

Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake

Summary

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-295 - Improper Certificate Validation

Assigner

GitHub_M

References

5 references

URL	Tags
https://github.com/elixir-webrtc/ex_webrtc/securi…	x_refsource_CONFIRM
https://github.com/elixir-webrtc/ex_webrtc/issues/249	x_refsource_MISC
https://github.com/elixir-webrtc/ex_webrtc/pull/250	x_refsource_MISC
https://github.com/elixir-webrtc/ex_webrtc/releas…	x_refsource_MISC
https://github.com/elixir-webrtc/ex_webrtc/releas…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
elixir-webrtc	ex_webrtc	Affected: < 0.15.1 Affected: >= 0.16.0, < 0.16.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T11:22:11.028845Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T11:22:24.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ex_webrtc",
          "vendor": "elixir-webrtc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.15.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.16.0, \u003c 0.16.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC\u0027s mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T20:51:03.877Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c"
        },
        {
          "name": "https://github.com/elixir-webrtc/ex_webrtc/issues/249",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/elixir-webrtc/ex_webrtc/issues/249"
        },
        {
          "name": "https://github.com/elixir-webrtc/ex_webrtc/pull/250",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/elixir-webrtc/ex_webrtc/pull/250"
        },
        {
          "name": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1"
        },
        {
          "name": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1"
        }
      ],
      "source": {
        "advisory": "GHSA-qwfw-ggxw-577c",
        "discovery": "UNKNOWN"
      },
      "title": "Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44700",
    "datePublished": "2026-05-14T20:51:03.877Z",
    "dateReserved": "2026-05-07T17:07:09.317Z",
    "dateUpdated": "2026-05-15T11:22:24.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-44700",
      "date": "2026-05-26",
      "epss": "0.00064",
      "percentile": "0.19946"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-44700\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-14T21:16:47.907\",\"lastModified\":\"2026-05-15T14:53:48.823\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC\u0027s mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"references\":[{\"url\":\"https://github.com/elixir-webrtc/ex_webrtc/issues/249\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/elixir-webrtc/ex_webrtc/pull/250\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44700\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-15T11:22:11.028845Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-15T11:22:19.343Z\"}}], \"cna\": {\"title\": \"Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake\", \"source\": {\"advisory\": \"GHSA-qwfw-ggxw-577c\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"elixir-webrtc\", \"product\": \"ex_webrtc\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.15.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 0.16.0, \u003c 0.16.1\"}]}], \"references\": [{\"url\": \"https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c\", \"name\": \"https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/elixir-webrtc/ex_webrtc/issues/249\", \"name\": \"https://github.com/elixir-webrtc/ex_webrtc/issues/249\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/elixir-webrtc/ex_webrtc/pull/250\", \"name\": \"https://github.com/elixir-webrtc/ex_webrtc/pull/250\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1\", \"name\": \"https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1\", \"name\": \"https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC\u0027s mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-14T20:51:03.877Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-44700\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-15T11:22:24.715Z\", \"dateReserved\": \"2026-05-07T17:07:09.317Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-14T20:51:03.877Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-44700

Vulnerability from fkie_nvd - Published: 2026-05-14 21:16 - Updated: 2026-05-15 14:53

Severity

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/elixir-webrtc/ex_webrtc/issues/249
	security-advisories@github.com	https://github.com/elixir-webrtc/ex_webrtc/pull/250
	security-advisories@github.com	https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1
	security-advisories@github.com	https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1
	security-advisories@github.com	https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC\u0027s mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1."
    }
  ],
  "id": "CVE-2026-44700",
  "lastModified": "2026-05-15T14:53:48.823",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-14T21:16:47.907",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/issues/249"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/pull/250"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-QWFW-GGXW-577C

Vulnerability from github – Published: 2026-05-08 17:08 – Updated: 2026-05-15 23:46

Summary

ex_webrtc client-role handshake is missing DTLS peer fingerprint validation

Details

Summary

Missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps.

Details

ex_webrtc validates the DTLS peer's certificate fingerprint against the value advertised in the SDP offer/answer when acting as the DTLS server (passive role). When acting as the DTLS client (active role) -- the default when answering a remote offer with a=setup:actpass, which is what browsers always send -- the fingerprint check was skipped on the handshake-completion code path that returns no outgoing packets. This is the most common deployment mode (e.g., an SFU or media server answering a browser's offer).

All released versions prior to 0.15.1 and 0.16.1 are affected. No backports to older lines are planned -- users should upgrade to 0.15.1 or 0.16.1.

Impact

The bug eliminates one half of WebRTC's mutual DTLS authentication. The security of the media and data-channel encryption then rests entirely on the remote peer's fingerprint check.

On its own, the bug does not allow:

Passive eavesdropping on SRTP media.
A network-positioned attacker to intercept media against a standards-compliant browser peer over a TLS-protected signalling channel -- the browser's fingerprint check prevents the second leg of the MITM from succeeding.

The bug does enable a full MITM on media and data channels when combined with any of:

Insecure signalling (HTTP / plain WebSocket) allowing SDP rewrite in transit.
A compromised or malicious signalling server.
A peer implementation with a similar fingerprint-validation gap.

Both audio/video media (SRTP) and data channels (SCTP-over-DTLS) are affected.

Patches

0.15.1 (for the 0.15.x line)
0.16.1 (for the 0.16.x line)

Workarounds

None. Upgrade is required.

Resources

Severity

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Hex",
        "name": "ex_webrtc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.15.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Hex",
        "name": "ex_webrtc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.16.0"
            },
            {
              "fixed": "0.16.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.16.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T17:08:18Z",
    "nvd_published_at": "2026-05-14T21:16:47Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nMissing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC\u0027s mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps.\n\n### Details\n`ex_webrtc` validates the DTLS peer\u0027s certificate fingerprint against the value advertised in the SDP offer/answer when acting as the DTLS server (passive role). When acting as the DTLS client (active role) -- the default when answering a remote offer with `a=setup:actpass`, which is what browsers always send -- the fingerprint check was skipped on the handshake-completion code path that returns no outgoing packets. This is the most common deployment mode (e.g., an SFU or media server answering a browser\u0027s offer).\n\nAll released versions prior to 0.15.1 and 0.16.1 are affected. No backports to older lines are planned -- users should upgrade to 0.15.1 or 0.16.1.\n\n### Impact\nThe bug eliminates one half of WebRTC\u0027s mutual DTLS authentication. The security of the media and data-channel encryption then rests entirely on the remote peer\u0027s fingerprint check.\n\nOn its own, the bug does **not** allow:\n\n- Passive eavesdropping on SRTP media.\n- A network-positioned attacker to intercept media against a standards-compliant browser peer over a TLS-protected signalling channel -- the browser\u0027s fingerprint check prevents the second leg of the MITM from succeeding.\n\nThe bug **does** enable a full MITM on media and data channels when combined with any of:\n\n- Insecure signalling (HTTP / plain WebSocket) allowing SDP rewrite in transit.\n- A compromised or malicious signalling server.\n- A peer implementation with a similar fingerprint-validation gap.\n\nBoth audio/video media (SRTP) and data channels (SCTP-over-DTLS) are affected.\n\n### Patches\n- `0.15.1` (for the 0.15.x line)\n- `0.16.1` (for the 0.16.x line)\n\n### Workarounds\nNone. Upgrade is required.\n\n### Resources\n- [Issue](https://github.com/elixir-webrtc/ex_webrtc/issues/249)\n- [PR](https://github.com/elixir-webrtc/ex_webrtc/pull/250)\n- [Release 0.15.1](https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1)\n- [Release 0.16.1](https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1)",
  "id": "GHSA-qwfw-ggxw-577c",
  "modified": "2026-05-15T23:46:08Z",
  "published": "2026-05-08T17:08:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44700"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/issues/249"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/pull/250"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/commit/658c63221a869fb12bb9989599c3688751b0531b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elixir-webrtc/ex_webrtc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ex_webrtc client-role handshake is missing DTLS peer fingerprint validation"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-44700 (GCVE-0-2026-44700)

FKIE_CVE-2026-44700

GHSA-QWFW-GGXW-577C

Summary

Details

Impact

Patches

Workarounds

Resources

Tags

Sightings

Nomenclature