WebSocket Memory Exposure in libsoup Affects Various Applications
CVE-2026-0716

4.8 MEDIUM

What is CVE-2026-0716?

A vulnerability has been identified in libsoup's processing of WebSocket frames. In non-default configurations that do not specify a maximum incoming payload size, the library may read memory outside its intended bounds. This flaw can lead to unintended memory exposure or crashes in applications that use libsoup's WebSocket capabilities. Developers are advised to ensure that a maximum incoming payload size is configured to mitigate the risk.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
