CVE-2026-44700— Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake

AI Predicted 7.5 Difficulty: Moderate EPSS 0.04% · P12 Updated May 15, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

Vendor	Product	Version Range	Status
elixir-webrtc	ex_webrtc	`< 0.15.1`	affected
		`>= 0.16.0, < 0.16.1`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-44700

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake

Source: NVD (National Vulnerability Database)

Vulnerability Description

Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

证书验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

ex_webrtc 信任管理问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ex_webrtc是Elixir WebRTC开源的一个基于Elixir语言的WebRTC实时通信库。 ex_webrtc 0.15.1之前版本和0.16.1之前版本存在信任管理问题漏洞，该漏洞源于DTLS客户端角色缺少对等证书指纹验证，可能导致中间人攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
elixir-webrtc	ex_webrtc	< 0.15.1	-

II. Public POCs for CVE-2026-44700

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-44700

请登录查看更多情报信息。

https://github.com/elixir-webrtc/ex_webrtc/pull/250x_refsource_MISC
https://github.com/elixir-webrtc/ex_webrtc/issues/249x_refsource_MISC
https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1x_refsource_MISC
https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1x_refsource_MISC
https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577cx_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2026-44700

IV. Related Vulnerabilities

Same weakness: CWE-295

V. Comments for CVE-2026-44700

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-44700— Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake

Possible ATT&CK Techniques 1AI

Affected Version Matrix 2

I. Basic Information for CVE-2026-44700

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-44700

III. Intelligence Information for CVE-2026-44700

IV. Related Vulnerabilities

V. Comments for CVE-2026-44700

Leave a comment