CVE-2026-2436

EUVD-2026-16342
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.
CVSS 3.x Base Score

Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  6.5 MEDIUM  NETWORK      HIGH             NONE            CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS Score: Percentile 35%
Affected Products (NVD)

Vendor  Product          Version
gnome   libsoup          -
redhat  enterprise_linux 6.0
redhat  enterprise_linux 7.0
redhat  enterprise_linux 8.0
redhat  enterprise_linux 9.0
redhat  enterprise_linux 10.0
Debian Releases

Debian Product  Codename             Status
libsoup2.4      bookworm             no-dsa
libsoup2.4      bullseye             vulnerable
libsoup2.4      bullseye (security)  vulnerable
libsoup2.4      trixie               no-dsa
libsoup3        bookworm             no-dsa
libsoup3        forky                vulnerable
libsoup3        sid                  vulnerable
libsoup3        trixie               no-dsa
Amazon Linux Releases

Amazon Package       Release            Version               Status
libsoup3             Amazon Linux 2023  0:3.6.6-58.amzn2023   fixed
libsoup3-debuginfo   Amazon Linux 2023  0:3.6.6-58.amzn2023   fixed
libsoup3-debugsource Amazon Linux 2023  0:3.6.6-58.amzn2023   fixed
libsoup3-devel       Amazon Linux 2023  0:3.6.6-58.amzn2023   fixed
libsoup3-doc         Amazon Linux 2023  0:3.6.6-58.amzn2023   fixed
Azure Linux Releases

Azure Package  Release          Version          Status
libsoup        Azure Linux 3.0  0:3.4.4-15.azl3  fixed