PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53449 coturn CVE debrief

The Coturn implementation of TURN and STUN Server is vulnerable to arbitrary file write via the psd print sessions dump CLI command. Prior to version 4.13.0, an authenticated admin with CLI access can directly pass a filename argument to fopen with no path validation, allowing truncation and overwrite with session dump data. This issue affects Coturn versions prior to 4.13.0 and can be mitigated by upgrading to the latest version or restricting CLI access.

Vendor
coturn
Product
Unknown
CVSS
MEDIUM 6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Administrators and users of Coturn versions prior to 4.13.0 who have CLI access should be aware of this vulnerability and take immediate action to upgrade or mitigate. This includes reviewing compensating controls for exposed systems and monitoring for suspicious activity on Coturn servers.

Technical summary

The psd print sessions dump CLI command in Coturn takes a filename argument and directly passes it to fopen with no path validation. This allows an authenticated admin with CLI access to overwrite arbitrary files writable by the coturn process. The issue is fixed in version 4.13.0. It is recommended to upgrade to Coturn version 4.13.0 or later to mitigate this vulnerability. Affected Coturn versions prior to 4.13.0 should be reviewed for compensating controls and monitored for suspicious activity. Evidence of exposure should be verified through relevant monitoring, detection, and logs.

Defensive priority

High

Recommended defensive actions

  • Upgrade to Coturn version 4.13.0 or later
  • Restrict CLI access to only necessary personnel
  • Monitor for suspicious activity on Coturn servers
  • Review compensating controls for exposed systems
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-10T19:17:24.073Z and was last modified on 2026-07-10T19:20:15.180Z. The NVD entry is currently Undergoing Analysis. This information is based on the CVE record and NVD entry. Further verification is recommended to confirm affected scope and severity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T19:17:24.073Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.