Home

Description

A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams.

PUBLISHED Reserved 2026-07-07 | Published 2026-07-07 | Updated 2026-07-07 | Assigner redhat




LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

Always-Incorrect Control Flow Implementation

Product status

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2026-07-07:Reported to Red Hat.
2026-07-07:Made public.

Credits

Red Hat would like to thank Clouditera Security (Clouditera), NSFOCUS (NSFOCUS), and Z.ai Security (Z.ai) for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-14935 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2497679 (RHBZ#2497679) issue-tracking

gitlab.freedesktop.org/...eamer-security/-/merge_requests/98

gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5171

cve.org (CVE-2026-14935)

nvd.nist.gov (CVE-2026-14935)

Download JSON