A vulnerability, which was classified as problematic, has been found in Coturn up to 4.12.x. The affected element is the function ioa_addr_is_loopback of the component IPv6 Handler. This manipulation of the argument XOR-PEER-ADDRESS causes infinite loop.

This vulnerability is handled as CVE-2026-53450. The attack can be initiated remotely. There is not any exploit available.