PatchSiren cyber security CVE debrief
CVE-2026-53449 coturn CVE debrief
The Coturn implementation of TURN and STUN Server is vulnerable to arbitrary file write via the psd print sessions dump CLI command. Prior to version 4.13.0, an authenticated admin with CLI access can directly pass a filename argument to fopen with no path validation, allowing truncation and overwrite with session dump data. This issue affects Coturn versions prior to 4.13.0 and can be mitigated by upgrading to the latest version or restricting CLI access.
- Vendor
- coturn
- Product
- Unknown
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Administrators and users of Coturn versions prior to 4.13.0 who have CLI access should be aware of this vulnerability and take immediate action to upgrade or mitigate. This includes reviewing compensating controls for exposed systems and monitoring for suspicious activity on Coturn servers.
Technical summary
The psd print sessions dump CLI command in Coturn takes a filename argument and directly passes it to fopen with no path validation. This allows an authenticated admin with CLI access to overwrite arbitrary files writable by the coturn process. The issue is fixed in version 4.13.0. It is recommended to upgrade to Coturn version 4.13.0 or later to mitigate this vulnerability. Affected Coturn versions prior to 4.13.0 should be reviewed for compensating controls and monitored for suspicious activity. Evidence of exposure should be verified through relevant monitoring, detection, and logs.
Defensive priority
High
Recommended defensive actions
- Upgrade to Coturn version 4.13.0 or later
- Restrict CLI access to only necessary personnel
- Monitor for suspicious activity on Coturn servers
- Review compensating controls for exposed systems
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-10T19:17:24.073Z and was last modified on 2026-07-10T19:20:15.180Z. The NVD entry is currently Undergoing Analysis. This information is based on the CVE record and NVD entry. Further verification is recommended to confirm affected scope and severity.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T19:17:24.073Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.