Every CVE whose affected-product data names Coturn Project Coturn, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2018-4056 — CVSS 9.8 (critical): An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login…
CVE-2018-4059 — CVSS 9.8 (critical): An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By…
CVE-2020-6061 — CVSS 9.8 (critical): An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted…
CVE-2026-43994 — CVSS 8.1 (high): Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in…
CVE-2018-4058 — CVSS 7.7 (high): An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default…
CVE-2026-40613 — CVSS 7.5 (high): Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn…
CVE-2020-6062 — CVSS 7.5 (high): An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP…
CVE-2020-26262 — CVSS 7.2 (high): Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect…
CVE-2026-27624 — CVSS 7.2 (high): Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges…
CVE-2020-4067 — CVSS 7.0 (high): In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of…
CVE-2026-43915 — CVSS 5.4 (medium): Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS)…