CVE-2026-2369

EUVD-2026-13105
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
Wrap or Wraparound
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
gnomelibsoup
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsoup2.4
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
trixie
no-dsa
libsoup3
bookworm
no-dsa
forky
3.6.6-1
fixed
sid
3.6.6-1
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsoup-2_4-1
suse enterprise desktop 15 SP7
2.74.3-150600.4.27.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.3.31.1
fixed
suse enterprise sap 15 SP5
2.74.2-150400.3.31.1
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.27.1
fixed
suse enterprise server 12 SP3
2.62.2-5.34.1
fixed
suse enterprise server 12 SP5
2.62.2-5.34.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.3.31.1
fixed
suse enterprise server 15 SP5
2.74.2-150400.3.31.1
fixed
suse enterprise server 15 SP6
2.74.3-150600.4.27.1
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.27.1
fixed
libsoup-2_4-1-32bit
suse enterprise server 12 SP3
2.62.2-5.34.1
fixed
suse enterprise server 12 SP5
2.62.2-5.34.1
fixed
libsoup-3_0-0
suse enterprise desktop 15 SP7
3.4.4-150600.3.34.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.3.34.1
fixed
suse enterprise sap 15 SP5
3.0.4-150400.3.34.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.34.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.3.34.1
fixed
suse enterprise server 15 SP5
3.0.4-150400.3.34.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.34.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.34.1
fixed
libsoup-devel
suse enterprise desktop 15 SP7
3.4.4-150600.3.34.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.3.34.1
fixed
suse enterprise sap 15 SP5
3.0.4-150400.3.34.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.34.1
fixed
suse enterprise server 12 SP3
2.62.2-5.34.1
fixed
suse enterprise server 12 SP5
2.62.2-5.34.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.3.34.1
fixed
suse enterprise server 15 SP5
3.0.4-150400.3.34.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.34.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.34.1
fixed
libsoup-lang
suse enterprise desktop 15 SP7
3.4.4-150600.3.34.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.3.34.1
fixed
suse enterprise sap 15 SP5
3.0.4-150400.3.34.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.34.1
fixed
suse enterprise server 12 SP3
2.62.2-5.34.1
fixed
suse enterprise server 12 SP5
2.62.2-5.34.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.3.34.1
fixed
suse enterprise server 15 SP5
3.0.4-150400.3.34.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.34.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.34.1
fixed
libsoup2-devel
suse enterprise desktop 15 SP7
2.74.3-150600.4.27.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.3.31.1
fixed
suse enterprise sap 15 SP5
2.74.2-150400.3.31.1
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.27.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.3.31.1
fixed
suse enterprise server 15 SP5
2.74.2-150400.3.31.1
fixed
suse enterprise server 15 SP6
2.74.3-150600.4.27.1
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.27.1
fixed
libsoup2-lang
suse enterprise desktop 15 SP7
2.74.3-150600.4.27.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.3.31.1
fixed
suse enterprise sap 15 SP5
2.74.2-150400.3.31.1
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.27.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.3.31.1
fixed
suse enterprise server 15 SP5
2.74.2-150400.3.31.1
fixed
suse enterprise server 15 SP6
2.74.3-150600.4.27.1
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.27.1
fixed
typelib-1_0-Soup-2_4
suse enterprise desktop 15 SP7
2.74.3-150600.4.27.1
fixed
suse enterprise sap 15 SP4
2.74.2-150400.3.31.1
fixed
suse enterprise sap 15 SP5
2.74.2-150400.3.31.1
fixed
suse enterprise sap 15 SP7
2.74.3-150600.4.27.1
fixed
suse enterprise server 12 SP3
2.62.2-5.34.1
fixed
suse enterprise server 12 SP5
2.62.2-5.34.1
fixed
suse enterprise server 15 SP4
2.74.2-150400.3.31.1
fixed
suse enterprise server 15 SP5
2.74.2-150400.3.31.1
fixed
suse enterprise server 15 SP6
2.74.3-150600.4.27.1
fixed
suse enterprise server 15 SP7
2.74.3-150600.4.27.1
fixed
typelib-1_0-Soup-3_0
suse enterprise desktop 15 SP7
3.4.4-150600.3.34.1
fixed
suse enterprise sap 15 SP4
3.0.4-150400.3.34.1
fixed
suse enterprise sap 15 SP5
3.0.4-150400.3.34.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.34.1
fixed
suse enterprise server 15 SP4
3.0.4-150400.3.34.1
fixed
suse enterprise server 15 SP5
3.0.4-150400.3.34.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.34.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.34.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2026-2369
https://bugzilla.redhat.com/show_bug.cgi?id=2439091
https://gitlab.gnome.org/GNOME/libsoup/-/issues/498