Vulnerability in Elixir-webrtc Ex_webrtc
CVE-2026-44700
Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug…
Vulnerability class: Improper Certificate Validation
EPSS: 0.001 (24.2th percentile) — read the EPSS interpretation.
Affected products
- Elixir-webrtc Ex_webrtc — versions < 0.15.1, >= 0.16.0, < 0.16.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)