Coturn: Three Vulnerabilities Including RCE and Service Exposure Disclosed Together
Three Coturn vulnerabilities disclosed together, including arbitrary code execution via SQL injection and localhost service exposure, fixed in v4.7.2.

Key findings
- Three Coturn vulnerabilities disclosed on July 10, 2026, including arbitrary code execution via SQL injection.
- CVE-2026-53450 allows localhost services to be exposed through an IPv4-mapped IPv6 address bypass.
- CVE-2026-53449 enables arbitrary file overwrite via CLI commands.
- All disclosed vulnerabilities are fixed in Coturn version 4.7.2.
On July 10, 2026, three vulnerabilities in the Coturn TURN server software were disclosed together, presenting a significant security concern for administrators. The vulnerabilities, detailed by the security research firm VulnCheck, range in severity and impact, with two rated as "important" and one as "moderate." These flaws, if exploited, could lead to unauthorized access, arbitrary file overwrites, and even arbitrary code execution.
One of the critical vulnerabilities, CVE-2026-53448, allows for arbitrary code execution through an SQL injection flaw within the HTTPS admin panel. This is particularly concerning as it targets a common administrative interface, potentially granting attackers full control over the server.
Another important vulnerability, CVE-2026-53450, involves a bypass that exposes localhost services via an IPv4-mapped IPv6 address. This could allow attackers to access services that should only be available locally, potentially leading to further system compromise.
The third vulnerability, CVE-2026-53449, is rated as moderate and permits an arbitrary file overwrite via a command-line interface (CLI) command. While less severe than the others, this could still be used to disrupt services or facilitate further attacks by corrupting or replacing critical system files.
All three vulnerabilities were patched in Coturn version 4.7.2. Users are strongly advised to update to the latest version to mitigate these risks. The coordinated disclosure of these vulnerabilities highlights the importance of timely patching and security audits for network infrastructure components like Coturn.
The disclosure of these three vulnerabilities in close succession underscores the need for continuous vigilance in securing network communication services. Administrators managing Coturn instances should prioritize updating to version 4.7.2 to protect against potential exploitation of these flaws. The nature of these bugs—ranging from code execution to service exposure—demands immediate attention from all users of the software.