PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-41470 Live Networks, Inc. CVE debrief

CVE-2026-41470 is a HIGH-severity (CVSS 8.2) authorization bypass in LIVE555's RTSP session command handling. According to the supplied record, an attacker who obtains a valid Session token can reuse it from a separate, unauthenticated TCP connection and issue RTSP commands such as PLAY and TEARDOWN against the victim's session. The impact is primarily availability loss: affected servers may crash, or active streams may be torn down.

Vendor
Live Networks, Inc.
Product
LIVE555
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-19
Original CVE updated
2026-05-19
Advisory published
2026-05-19
Advisory updated
2026-05-19

Who should care

Organizations running LIVE555-based RTSP services, especially internet-facing media, surveillance, or streaming deployments. Security teams should also care if RTSP is exposed on internal networks, because token reuse across connections can still disrupt service or trigger crashes.

Technical summary

The supplied CVE description states that LIVE555 versions before 2026.04.22 contain an authorization bypass in RTSP session command handling. A valid Session token can reportedly be replayed from a second TCP connection that never authenticated, and PLAY and TEARDOWN commands carrying that token are accepted without the authentication context of the connection that established the session. The described effects are crashes linked to virtual function call errors and interruption of the victim's session. NVD lists the weakness as CWE-863 (Incorrect Authorization) and assigns a CVSS v4.0 vector indicating a network attack vector, no privileges required, no user interaction, and availability as the primary impact.

Defensive priority

High. The issue is network-reachable, requires no user interaction, and can disrupt live streams or crash affected servers. Prioritize it for any exposed LIVE555 RTSP deployment, especially where service continuity matters.

Recommended defensive actions

  • Upgrade LIVE555 to 2026.04.22 or later, the first release outside the affected-version range given in the CVE record.
  • Inventory all applications and appliances that embed LIVE555, including indirect dependencies in media or surveillance systems.
  • Restrict RTSP exposure with network controls where possible, especially on untrusted networks.
  • Monitor for the same RTSP Session identifier appearing on more than one TCP connection (client address and port pair), and for PLAY or TEARDOWN requests arriving on a connection that never completed SETUP.
  • Add alerting for RTSP service crashes, abrupt stream terminations, and other availability anomalies that could indicate abuse.
  • If immediate patching is not possible, segment affected services and limit access to trusted hosts only.
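The following detector illustrates both the replay pattern in the technical summary and the monitoring recommendation above. It is an added example, not LIVE555 code or a PatchSiren tool, and it assumes a constructed server-side RTSP request log format (timestamp, client address:port as the connection key, method, URL, Session id) in which the SETUP line records the Session id the server assigned; the sample lines are constructed for this example.

```python
"""Flag RTSP Session-token reuse across TCP connections.

Input is a server-side RTSP request log in a constructed format:

    <iso-time> conn=<client-ip>:<port> <METHOD> <url> session=<id or ->

where the SETUP line records the Session id the server assigned.  Two
signals are emitted:

  low : a Session id appears on a connection other than the one on which it
        was first seen (RFC 2326 permits a session to span connections, so
        on its own this is only a hint)
  high: PLAY or TEARDOWN arrives on a connection that never performed SETUP,
        i.e. one that never went through the authenticated setup exchange

The format, field names and sample lines are assumptions made for this
example, not LIVE555's own log output.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+conn=(?P<conn>\S+)\s+(?P<method>[A-Z_]+)\s+"
    r"(?P<url>\S+)\s+session=(?P<session>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    conn: str
    method: str
    severity: str
    reason: str


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["session"] = None if rec["session"] == "-" else rec["session"]
    return rec


def detect_session_reuse(lines):
    """Scan log lines in order and return the alerts they raise."""
    owner = {}          # session id -> connection it was first seen on
    setup_done = set()  # connections that completed SETUP on this server
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, conn, method, sess = rec["ts"], rec["conn"], rec["method"], rec["session"]
        if method == "SETUP":
            setup_done.add(conn)
        if sess is not None:
            first = owner.setdefault(sess, conn)
            if first != conn:
                alerts.append(Alert(ts, conn, method, "low",
                    f"session {sess} first seen on {first}, now used from {conn}"))
        if method in ("PLAY", "TEARDOWN") and conn not in setup_done:
            alerts.append(Alert(ts, conn, method, "high",
                f"{method} from {conn} which never performed SETUP"))
    return alerts


# Constructed sample: one legitimate client, then a second connection that
# replays the same Session id without any SETUP of its own.
SAMPLE_LOG = """\
2026-05-19T10:00:01Z conn=10.0.0.5:51234 OPTIONS rtsp://cam/stream session=-
2026-05-19T10:00:01Z conn=10.0.0.5:51234 DESCRIBE rtsp://cam/stream session=-
2026-05-19T10:00:02Z conn=10.0.0.5:51234 SETUP rtsp://cam/stream/track1 session=8F2A1C3D
2026-05-19T10:00:02Z conn=10.0.0.5:51234 PLAY rtsp://cam/stream session=8F2A1C3D
2026-05-19T10:00:40Z conn=10.0.0.5:51234 GET_PARAMETER rtsp://cam/stream session=8F2A1C3D
2026-05-19T10:01:10Z conn=198.51.100.7:40022 TEARDOWN rtsp://cam/stream session=8F2A1C3D
""".splitlines()

if __name__ == "__main__":
    for a in detect_session_reuse(SAMPLE_LOG):
        print(f"{a.ts} [{a.severity}] {a.conn} {a.method}: {a.reason}")
```

The two-tier severity reflects a caveat worth keeping in mind when tuning alerts: RTSP sessions are not bound to a TCP connection by design, so a Session id moving between connections is only a weak signal, whereas a PLAY or TEARDOWN from a connection that never went through SETUP is the pattern the CVE description actually describes and is the one to page on.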

Evidence notes

This debrief is based on the supplied CVE record and its NVD metadata. The CVE was published on 2026-05-19 and last modified the same day. NVD marks the record as 'Awaiting Analysis' and attributes CWE-863; the supplied summary describes Session token replay from a second TCP connection leading to unauthorized command execution and availability impact. The vendor attribution in the supplied data is low confidence, so the product is treated as LIVE555 based on the referenced material rather than as a fully resolved vendor record.

Official resources

Publicly disclosed in the CVE record on 2026-05-19. No CISA KEV listing was provided in the supplied data.