coturn IPv6 ACL Bypass Allows Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

coturn IPv6 ACL Bypass Allows Unauthorized Access

MGASA-2026-0051

Summary

An update is available to fix a security issue in coturn that allows attackers to bypass certain access controls using a specific type of IP address. This could potentially allow unauthorized access to coturn servers. Update your coturn software to the latest version to fix this issue.

What to do

Update coturn to version 4.6.2-1.1.mga9.

Affected software

Vendor	Product	Affected versions	Fix available
–	coturn	<= 4.6.2-1.1.mga9	4.6.2-1.1.mga9

Original title

Updated coturn packages fix security vulnerability

Original description

IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL.
(CVE-2026-27624)

https://advisories.mageia.org/MGASA-2026-0051.html Vendor Advisory
https://bugs.mageia.org/show_bug.cgi?id=35179 Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]... Third Party Advisory

Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026