CVE-2026-14935

Summary

A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-670: Always-Incorrect Control Flow Implementation

Workarounds

There is no complete mitigation for this vulnerability. The following measures can reduce risk:

  1. Ensure WebRTC signaling channels use TLS encryption to prevent SDP modification in transit.
  2. If WebRTC functionality is not required, remove the webrtcbin plugin shared object from the GStreamer plugins directory (typically /usr/lib64/gstreamer-1.0/libgstwebrtc.so).

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References