CVE-2026-1761

EUVD-2026-5104

02.02.2026, 14:16

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
redhat	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Debian Releases

Debian Product

Codename

libsoup2.4

bookworm	no-dsa
bullseye	vulnerable
bullseye (security)	vulnerable
trixie	no-dsa

libsoup3

bookworm	no-dsa
forky	3.6.5-9 fixed
sid	3.6.6-1 fixed
trixie	no-dsa

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Vulnerability Media Exposure

[GERMAN] Red Hat Enterprise Linux (libsoup): Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-02-04T23:00:00+00:00

References

https://access.redhat.com/errata/RHSA-2026:1948

https://access.redhat.com/errata/RHSA-2026:2005

https://access.redhat.com/errata/RHSA-2026:2006

https://access.redhat.com/errata/RHSA-2026:2007

https://access.redhat.com/errata/RHSA-2026:2008

https://access.redhat.com/errata/RHSA-2026:2049

https://access.redhat.com/errata/RHSA-2026:2182

https://access.redhat.com/errata/RHSA-2026:2214

https://access.redhat.com/errata/RHSA-2026:2215

https://access.redhat.com/errata/RHSA-2026:2216

https://access.redhat.com/errata/RHSA-2026:2396

https://access.redhat.com/errata/RHSA-2026:2402

https://access.redhat.com/errata/RHSA-2026:2410

https://access.redhat.com/errata/RHSA-2026:2512

https://access.redhat.com/errata/RHSA-2026:2513

https://access.redhat.com/errata/RHSA-2026:2514

https://access.redhat.com/errata/RHSA-2026:2528

https://access.redhat.com/errata/RHSA-2026:2529

https://access.redhat.com/errata/RHSA-2026:2628

https://access.redhat.com/errata/RHSA-2026:2844

https://access.redhat.com/security/cve/CVE-2026-1761

https://bugzilla.redhat.com/show_bug.cgi?id=2435961