In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customers-ip-address-via-webrtc-bug/
https://voidsec.com/vpn-leak/
https://github.com/VoidSec/WebRTC-Leak
https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit?usp=sharing
https://news.ycombinator.com/item?id=16699270
Source: Mitre, NVD
Published: 2018-03-28
Updated: 2026-06-17
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Severity: Medium
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.00394