Tag
TinyIce versions 0.8.95 through 2.4.1 are vulnerable to unauthenticated stream injection due to a missing authentication check on the WebRTC ingest endpoint (/webrtc/source-offer), allowing a network attacker to hijack broadcasts by publishing arbitrary audio/video to a target mount, replacing the legitimate source's content; patched in version 2.5.0 (CVE-2026-45327).