What is CVE-2026-40613?

CVE-2026-40613 is a high-severity vulnerability in Coturn, classified under Incorrect Type Conversion or Cast. CVSS score: 7.5/10. Published 2026-04-21.

How severe is CVE-2026-40613?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Coturn

CVE-2026-40613

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a…

EPSS: 0.003 (52.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Coturn — versions < 4.10.0

Weakness classification (CWE)

CWE-704 — Incorrect Type Conversion or Cast

References

https://github.com/coturn/coturn/security/advisories/GHSA-j662-9wcj-mf36 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-40613?: CVE-2026-40613 is a high-severity vulnerability in Coturn, classified under Incorrect Type Conversion or Cast. CVSS score: 7.5/10. Published 2026-04-21.
How severe is CVE-2026-40613?: High severity. CVSS v3 base score is 7.5 out of 10.