NTLM Authentication Flaw in Libsoup HTTP Library Impacting GNOME Applications
CVE-2026-0719

8.6 HIGH

What is CVE-2026-0719?

A vulnerability has been discovered in the NTLM authentication handling within the libsoup HTTP library, which is utilized by GNOME and various other applications for network interactions. This flaw arises when the library processes overly long passwords, leading to an internal size calculation overflow due to the incorrect handling of signed integers. Consequently, this overflow may cause improper memory allocation on the stack, resulting in unsafe memory copying. Applications that rely on libsoup could experience unexpected crashes, thus creating a potential denial-of-service condition.
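The class of bug described above, as an added example that is not libsoup's code: a length narrowed into a signed 32-bit size wraps, while a size_t calculation with an explicit cap rejects the input before any buffer is sized. The UTF-16LE doubling, the 1024-byte cap, and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PASSWORD_BYTES 1024u  /* hypothetical policy cap (assumption) */

/* Flawed pattern: length narrowed to 32 bits, doubled, kept in a signed int.
 * Unsigned arithmetic is used so the wrap shows without undefined behaviour. */
static int32_t naive_utf16_size(size_t password_len)
{
    uint32_t narrowed = (uint32_t)password_len;  /* silent truncation */
    return (int32_t)(narrowed * 2u);             /* wraps negative or to 0 */
}

/* Checked form: size_t arithmetic, explicit cap, explicit overflow test.
 * Returns 0 and stores the byte count, or -1 if the length is rejected. */
static int checked_utf16_size(size_t password_len, size_t *out_bytes)
{
    if (password_len > MAX_PASSWORD_BYTES || password_len > SIZE_MAX / 2)
        return -1;
    *out_bytes = password_len * 2;
    return 0;
}

/* Expands an ASCII password to UTF-16LE on the heap instead of the stack.
 * Returns NULL if the length is rejected; the caller frees the buffer. */
static unsigned char *expand_password(const char *password, size_t *out_bytes)
{
    size_t n = strlen(password);
    if (checked_utf16_size(n, out_bytes) != 0)
        return NULL;
    unsigned char *buf = calloc(n + 1, 2);       /* high bytes stay zero */
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        buf[2 * i] = (unsigned char)password[i];
    return buf;
}

int main(void)
{
    size_t bytes = 0, big = (size_t)1 << 30;     /* constructed 1 GiB length */
    unsigned char *buf = expand_password("Passw0rd", &bytes);
    printf("naive=%d checked=%d ok_bytes=%zu\n", (int)naive_utf16_size(big),
           checked_utf16_size(big, &bytes), buf ? bytes : (size_t)0);
    free(buf);
    return 0;
}
```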

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank treeplus for reporting this issue.