CVE-2026-2436 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Affected Products (NVD)

Vendor	Product	Version
gnome	libsoup	-
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libsoup2.4

bookworm	no-dsa
bullseye	vulnerable
bullseye (security)	vulnerable
trixie	no-dsa

libsoup3

bookworm	no-dsa
forky	vulnerable
sid	vulnerable
trixie	no-dsa

Known Exploits!

https://gitlab.gnome.org/GNOME/libsoup/-/issues/501

Common Weakness Enumeration

CWE-825 - Expired Pointer Dereference
The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

Vulnerability Media Exposure

[GERMAN] IBM App Connect Enterprise: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um Dateien zu manipulieren, um einen Cross-Site Scripting Angriff durchzuführen, um einen SQL-Injection Angriff durchzuführen, und um beliebigen Programmcode auszuführen.
Published: 2026-04-07T22:00:00+00:00

References

https://access.redhat.com/security/cve/CVE-2026-2436

https://bugzilla.redhat.com/show_bug.cgi?id=2442909

https://gitlab.gnome.org/GNOME/libsoup/-/issues/501