CVE-2026-4271

EUVD-2026-12568
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
gnomelibsoup
-
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsoup2.4
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
trixie
no-dsa
libsoup3
bookworm
no-dsa
forky
vulnerable
sid
vulnerable
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsoup2.4
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
questing
needs-triage
resolute
needs-triage
xenial
needs-triage
libsoup3
jammy
needs-triage
noble
needs-triage
questing
needs-triage
resolute
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsoup-3_0-0
suse enterprise desktop 15 SP7
3.4.4-150600.3.47.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.47.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.47.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.47.1
fixed
libsoup-devel
suse enterprise desktop 15 SP7
3.4.4-150600.3.47.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.47.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.47.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.47.1
fixed
libsoup-lang
suse enterprise desktop 15 SP7
3.4.4-150600.3.47.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.47.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.47.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.47.1
fixed
typelib-1_0-Soup-3_0
suse enterprise desktop 15 SP7
3.4.4-150600.3.47.1
fixed
suse enterprise sap 15 SP7
3.4.4-150600.3.47.1
fixed
suse enterprise server 15 SP6
3.4.4-150600.3.47.1
fixed
suse enterprise server 15 SP7
3.4.4-150600.3.47.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2026:15968
https://access.redhat.com/errata/RHSA-2026:17482
https://access.redhat.com/errata/RHSA-2026:19143
https://access.redhat.com/security/cve/CVE-2026-4271
https://bugzilla.redhat.com/show_bug.cgi?id=2448044
https://gitlab.gnome.org/GNOME/libsoup/-/issues/496
https://gitlab.gnome.org/GNOME/libsoup/-/issues/496