EXECUTIVE SUMMARY:
CVE-2026-45327 (CVSS score 8.2) is a missing-authentication vulnerability in the TinyIce WebRTC ingest endpoint that allows an attacker to inject unauthorized streams. The affected product is the DatanoiseTV tinyice package, versions 0.8.95 through 2.4.1. The `/webrtc/source-offer` endpoint accepts a WebRTC SDP offer without any authentication check, so an attacker who sends a crafted offer can publish arbitrary audio/video tracks on the targeted mount. The impact on integrity is high: an attacker can replace a radio station's broadcast with their own audio, causing malicious content to be broadcast to listeners. The legitimate publisher can re-establish its session after a 3-second drain, but the attacker can reconnect immediately, producing a sustained broadcast hijack. There is no direct confidentiality impact through this endpoint. Business consequences include malicious content reaching listeners, loss of trust and reputation for the affected radio station or media provider, and potential financial losses. Prerequisites for exploitation are network reachability of the TinyIce HTTP port and knowledge of a target mount.
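The root cause described above is an ingest handler that accepts a publisher's SDP offer without first authenticating the publisher. The following added example (not tinyice's code; the project's real configuration layout, credential scheme and handler names are unknown here and are stand-ins) shows the weak pattern beside a hardened handler that requires a per-mount source credential, compares it in constant time, and does not reveal to unauthenticated callers which mounts exist. The request and response types, the `MOUNT_SOURCE_PASSWORDS` table and the sample offer are all constructed for the example.

```python
import base64
import hmac
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a per-mount source credential table. Hypothetical:
# the advisory does not describe how TinyIce stores publisher credentials.
MOUNT_SOURCE_PASSWORDS = {"/live": "correct-horse-battery-staple"}

# Constructed minimal SDP offer carrying one audio media section.
SAMPLE_OFFER = "v=0\r\no=- 1 1 IN IP4 127.0.0.1\r\nm=audio 9 UDP/TLS/RTP/SAVPF 111\r\n"


@dataclass
class Request:
    url: str                                # e.g. "/webrtc/source-offer?mount=/live"
    headers: dict = field(default_factory=dict)
    body: str = ""                          # the SDP offer text


@dataclass
class Response:
    status: int
    body: str = ""


def basic_auth_header(user, password):
    """Build an HTTP Basic Authorization header value (client side helper)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def _parse_basic(header):
    """Return (user, password) from a Basic Authorization header, or None if absent/malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def _route_and_offer(req):
    """Shared parsing: route check, mount from the query string, SDP sanity check.

    Returns (mount, None) on success or (None, error_response) on failure.
    """
    parts = urlsplit(req.url)
    if parts.path != "/webrtc/source-offer":
        return None, Response(404)
    mount = parse_qs(parts.query).get("mount", [None])[0]
    if not mount or not mount.startswith("/"):
        return None, Response(400, "missing or invalid mount")
    if "m=audio" not in req.body and "m=video" not in req.body:
        return None, Response(400, "offer carries no media section")
    return mount, None


def vulnerable_source_offer(req):
    """Weak pattern: anyone who can reach the HTTP port may publish to any mount."""
    mount, err = _route_and_offer(req)
    if err:
        return err
    # An SDP answer would be generated here; the offer was never tied to a publisher identity.
    return Response(200, f"accepted offer for {mount}")


def hardened_source_offer(req):
    """Authenticate the publisher for the requested mount before accepting the offer."""
    mount, err = _route_and_offer(req)
    if err:
        return err
    expected = MOUNT_SOURCE_PASSWORDS.get(mount)
    creds = _parse_basic(req.headers.get("Authorization"))
    # Unknown mount and missing credentials get the same answer, so the endpoint
    # does not enumerate configured mounts for unauthenticated callers.
    if expected is None or creds is None:
        return Response(401, "source authentication required")
    user, password = creds
    # Constant-time comparison of the presented secret against the configured one.
    if user != "source" or not hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8")):
        return Response(401, "source authentication required")
    return Response(200, f"accepted offer for {mount}")


if __name__ == "__main__":
    anon = Request("/webrtc/source-offer?mount=/live", {}, SAMPLE_OFFER)
    print("vulnerable, no credentials:", vulnerable_source_offer(anon).status)
    print("hardened, no credentials:  ", hardened_source_offer(anon).status)
    good = Request("/webrtc/source-offer?mount=/live",
                   {"Authorization": basic_auth_header("source", "correct-horse-battery-staple")},
                   SAMPLE_OFFER)
    print("hardened, valid source:    ", hardened_source_offer(good).status)
```

The same check can be expressed with whatever credential scheme the server already uses for its Icecast-style source connections; the essential property is that the offer is bound to an authenticated publisher for that specific mount before any track is accepted, which is the condition the advisory says is missing.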
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-p7c4-8x34-8j8f