CVE-2026-53449 in Coturn
Summary
by MITRE • 07/10/2026
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable by the coturn process because the command string is used as-is after stripping the psd prefix and leading spaces, allowing truncation and overwrite with session dump data. This issue is fixed in version 4.13.0.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/10/2026
The coturn server represents a critical infrastructure component in network communication systems, serving as an implementation of the TURN and STUN protocols that facilitate NAT traversal for multimedia applications. This vulnerability specifically targets the privileged command line interface functionality within the software's administrative tools. The flaw exists in the psd print sessions dump command which processes user-provided filename arguments without adequate path validation or sanitization. When administrators execute this command with a carefully crafted filename argument, the system directly passes this input to the fopen function without any verification of the file path structure or permissions. This design oversight creates a direct path for privilege escalation and arbitrary file manipulation through the command line interface.
The technical exploitation mechanism relies on the command's insufficient input validation processes that strip only the psd prefix and leading whitespace from the provided argument. This minimal sanitization allows attackers to manipulate the filename string in ways that can truncate existing files or overwrite them with session dump data. The vulnerability specifically affects authenticated administrative users who possess command line access to the coturn server, as the exploit requires legitimate administrative privileges to execute the targeted CLI command. The lack of path validation means that even if an attacker provides a filename containing directory traversal sequences or other malicious path components, these will be processed without restriction by the underlying file system operations.
The operational impact of this vulnerability extends beyond simple file overwrite capabilities and represents a significant threat to system integrity and security posture. An attacker with administrative access can leverage this flaw to modify critical session dump files, potentially corrupting important network communication data or creating backdoors through strategic file manipulation. The vulnerability allows for arbitrary file system modifications that could affect log files, configuration data, or other sensitive information stored by the coturn service. This represents a privilege escalation vector that transforms legitimate administrative capabilities into potential attack vectors for data corruption, information disclosure, or denial of service conditions. The issue directly aligns with CWE-22 weakness category related to improper limitation of a pathname to a restricted directory and falls under ATT&CK technique T1059.008 for command and scripting interpreter.
The remediation approach requires updating to coturn version 4.13.0 or later, which implements proper path validation mechanisms for the affected CLI commands. Security practitioners should also implement additional administrative controls including limiting command line access to only essential personnel, implementing strict file system permissions, and monitoring administrative command execution logs for suspicious activity patterns. Organizations should conduct thorough vulnerability assessments of their coturn deployments to ensure all instances have been updated and verify that no unauthorized modifications have occurred through exploitation of this vulnerability. The fix addresses the core input validation issue by implementing proper path sanitization before passing arguments to file system operations, preventing directory traversal attacks and ensuring that only authorized files can be accessed or modified through the administrative interface.