CVE-2026-4271
5.3 MEDIUMA flaw was found in libsoup, a library for handling HTTP requests
Published: 2026-03-17 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CWE
- CWE-416
Affected products
| Vendor | Product |
|---|---|
| gnome | enterprise_linux, libsoup |
| redhat | enterprise_linux, libsoup |
Description
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-4271
- [Other]https://access.redhat.com/errata/RHSA-2026:15968
- [Other]https://access.redhat.com/errata/RHSA-2026:17482
- [Other]https://access.redhat.com/errata/RHSA-2026:19143
- [Vendor advisory]https://access.redhat.com/security/cve/CVE-2026-4271
- [Vendor advisory]https://bugzilla.redhat.com/show_bug.cgi?id=2448044
- [Vendor advisory]https://gitlab.gnome.org/GNOME/libsoup/-/issues/496
- [Vendor advisory]https://gitlab.gnome.org/GNOME/libsoup/-/issues/496
Related CVEs
Same vendor
- CVE-2026-50259 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-50258 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-50257 — A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence() (7.8 HIGH)
- CVE-2026-50256 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-1784 — The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy (8.8 HIGH)
Same CWE
- CVE-2026-53462 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.9 MEDIUM)
- CVE-2026-46523 — ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)
- CVE-2026-52757 — Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable me... (4.4 MEDIUM)
- CVE-2026-49496 — Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when... (6.1 MEDIUM)
- CVE-2026-45782 — Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads