What is GHSA-3x7c-xg4r-972q?

GHSA-3x7c-xg4r-972q is a security advisory published by GitHub Security Advisories with High severity. LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command...

Which CVE IDs does GHSA-3x7c-xg4r-972q cover?

GHSA-3x7c-xg4r-972q covers the following CVE IDs: CVE-2026-41470. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-3x7c-xg4r-972q?

GHSA-3x7c-xg4r-972q has a CVSS v3 base score of 5.9, published by GitHub Security Advisories.

GHSA-3x7c-xg4r-972qHighCVSS 5.9

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command...

Vendor

GitHub Security Advisories

Published

May 19, 2026

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2026-41470 →

📋 Description

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP connection without authentication, causing server crashes through virtual function call errors or disrupting active streams by terminating victim sessions.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-41470
https://download.live555.com
https://gist.github.com/yhcho0405/ee9b67a96808ef19f22e8a4ee88c795f
https://www.vulncheck.com/advisories/live555-rtsp-server-authorization-bypass-via-session-token
https://github.com/advisories/GHSA-3x7c-xg4r-972q