QwikSec

Security Database

CVE

CWE

Training

CVE-2026-44700

Published: May 14, 2026

Modified: May 15, 2026

PUBLISHED

Description

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1.

Vendor	Product	Versions
elixir-webrtc	ex_webrtc	affected `< 0.15.1` affected `>= 0.16.0, < 0.16.1`

Weaknesses (CWE)

References

https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c

x_refsource_CONFIRM

https://github.com/elixir-webrtc/ex_webrtc/issues/249

x_refsource_MISC

https://github.com/elixir-webrtc/ex_webrtc/pull/250

x_refsource_MISC

https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1

x_refsource_MISC

https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.