Linuxsecurity
Critical XSS Vulnerability in Coturn Affects Fedora 43 and 44
A critical Cross-Site Scripting (XSS) vulnerability identified as CVE-2026-43915 affects Coturn versions 4.13.1 and 4.13.0 on Fedora 43 and 44. The vulnerability allows attackers to exploit crafted usernames in TURN allocations, potentially compromising user data. Users of Fedora 43 and 44 are urged to upgrade to the patched version to mitigate the risk. The vulnerability was publicly disclosed on June 18, 2026, and is considered critical due to its potential impact on users relying on TURN services. The updates include security fixes and performance improvements. Administrators can apply the updates using the 'dnf' command. The vulnerability is particularly concerning for organizations using Coturn for real-time communications.
Key Points:
• CVE-2026-43915 is a critical XSS vulnerability affecting Coturn on Fedora 43 and 44.
• The vulnerability allows exploitation via crafted usernames in TURN allocations.
• Users are advised to upgrade to Coturn 4.13.1 to mitigate risks.