AIKIDO-2026-10605

github.com/bluenviron/mediamtx is vulnerable to Sensitive Credential Exposure via URL Query Parameters

Pre-CVE: Found by Aikido Intel before public disclosure or CVE publication.
Published Apr 27, 2026

58

Medium Risk

This Affects:

Go: github.com/bluenviron/mediamtx
Affected versions: 1.0.0 - 1.17.1
Fixed in 1.18.0

TL;DR

Affected versions of this package accept authentication JWTs via HTTP query parameters by default (controlled by the authJWTInHTTPQuery config flag, which defaulted to true). Tokens passed in URLs are exposed via several side channels: web server access logs, intermediate proxy/CDN logs, browser history, and the Referer header on outbound navigation. v1.18.0 disables JWTs in query parameters by default and deprecates the authJWTInHTTPQuery flag. Token extraction from the query string is now restricted to legacy RTSP/RTMP transports where it is unavoidable.

Who does this affect?

You are affected if you are running a version that falls within the vulnerable range with HTTP-based access (HLS / WebRTC / playback / API) and authentication enabled, since the default config accepted JWTs supplied as URL query parameters. Risk increases if access logs, proxies, or CDNs are part of the request path, or if browser-driven flows can produce Referer leakage.
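To check whether tokens have already reached a log on the request path, the following added example (not code from Aikido or the MediaMTX project) scans access-log text for query parameters whose value is a JWT, in either the request URL or a logged Referer. The log lines, the `jwt` parameter name, the host and the token are constructed sample data; matching is done on the value's shape, not on the parameter name.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: combined-format access log, documentation addresses, dummy token.
const sampleLog = `192.0.2.10 - - [27/Apr/2026:10:00:00 +0000] "GET /cam1/index.m3u8?v=1.2.3 HTTP/1.1" 200 512 "-" "curl"
192.0.2.11 - - [27/Apr/2026:10:00:01 +0000] "GET /cam1/index.m3u8?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIn0.c2ln HTTP/1.1" 200 512 "-" "hls.js"
192.0.2.12 - - [27/Apr/2026:10:00:02 +0000] "GET /style.css HTTP/1.1" 200 90 "https://media.example/cam1/?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIn0.c2ln" "Mozilla/5.0"`

// Finding is one URL query parameter whose value is shaped like a JWT.
type Finding struct {
	Line            int
	Param, Redacted string // Redacted keeps the header segment only
}

// jwtParam matches name=<seg>.<seg>.<seg> after ? or &, in the request
// target or in a logged Referer URL. Group 1 is the name, group 2 the header.
var jwtParam = regexp.MustCompile(`[?&]([^=&\s"]+)=([\w-]+)\.[\w-]+\.[\w-]+`)

// hasJOSEHeader is true when seg base64url-decodes to a JSON object with "alg".
func hasJOSEHeader(seg string) bool {
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	var hdr map[string]interface{}
	return err == nil && json.Unmarshal(raw, &hdr) == nil && hdr["alg"] != nil
}

// ScanAccessLog returns every JWT-bearing query parameter, in log order.
func ScanAccessLog(log string) (out []Finding) {
	for i, line := range strings.Split(log, "\n") {
		for _, m := range jwtParam.FindAllStringSubmatch(line, -1) {
			if hasJOSEHeader(m[2]) {
				out = append(out, Finding{i + 1, m[1], m[2] + ".<redacted>"})
			}
		}
	}
	return out
}

func main() {
	for _, f := range ScanAccessLog(sampleLog) {
		fmt.Printf("line %d: JWT in query parameter %q: %s\n", f.Line, f.Param, f.Redacted)
	}
}
```

Each finding also identifies a client that must move to the Authorization header before the upgrade to 1.18.0.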

Background info

github.com/bluenviron/mediamtx is vulnerable to Sensitive Credential Exposure via URL Query Parameters in versions 1.0.0 - 1.17.1.

How to fix this

Upgrade the github.com/bluenviron/mediamtx library to the patched version, 1.18.0. Note that v1.18.0 introduces a breaking change: clients that previously passed JWTs via URL query parameters must now use the Authorization HTTP header. Remove the authJWTInHTTPQuery setting from your configuration, as it has been deprecated.