Webrtc

TinyIce versions 0.8.95 through 2.4.1 are vulnerable to unauthenticated stream injection due to a missing authentication check on the WebRTC ingest endpoint (/webrtc/source-offer), allowing a network attacker to hijack broadcasts by publishing arbitrary audio/video to a target mount, replacing the legitimate source's content; patched in version 2.5.0 (CVE-2026-45327).

The ex_webrtc library is vulnerable to a man-in-the-middle attack due to missing DTLS peer certificate fingerprint validation in the DTLS client role, potentially allowing interception of media and data channels when chained with insecure signaling or a peer with similar validation gaps; upgrade to versions 0.15.1 or 0.16.1 to mitigate this vulnerability.

CVE-2026-7928 is a use-after-free vulnerability in the WebRTC component of Chromium, affecting Google Chrome and Microsoft Edge (Chromium-based) and potentially allowing for arbitrary code execution.

A heap buffer overflow vulnerability exists in the WebRTC component of Google Chrome and Microsoft Edge (Chromium-based), potentially leading to code execution.

CVE-2026-4704 is a denial-of-service vulnerability in the WebRTC Signaling component affecting Firefox, Firefox ESR, and Thunderbird, potentially disrupting service availability.