Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 20 May 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 20 May 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Live Networks
Live Networks live555 |
|
| Vendors & Products |
Live Networks
Live Networks live555 |
Tue, 19 May 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP connection without authentication, causing server crashes through virtual function call errors or disrupting active streams by terminating victim sessions. | |
| Title | LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token | |
| Weaknesses | CWE-863 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-05-20T14:04:14.447Z
Reserved: 2026-04-20T16:07:47.311Z
Link: CVE-2026-41470
Updated: 2026-05-20T14:04:03.337Z
Status : Awaiting Analysis
Published: 2026-05-19T19:16:50.440
Modified: 2026-06-17T10:46:45.603
Link: CVE-2026-41470
No data.
OpenCVE Enrichment
Updated: 2026-05-20T10:39:04Z