SQL Injection in Coturn

CVE-2026-53448

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The is_secure…

Vulnerability class: SQL Injection

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-53448?
CVE-2026-53448 is a high-severity vulnerability in Coturn, classified under SQL Injection. CVSS score: 7.2/10. Published 2026-07-10.
How severe is CVE-2026-53448?
High severity. CVSS v3 base score is 7.2 out of 10.