Integer Overflow Vulnerability in libsoup Affecting Red Hat Products
CVE-2026-12478

4.8MEDIUM

Key Information:

Vendor

Red Hat

Vendor
CVE Published:
14 July 2026

What is CVE-2026-12478?

This vulnerability arises due to the improper placement of an integer overflow guard in libsoup, specifically within the conditional block for masked frames. As a result, unmasked server-to-client frames are vulnerable. A malicious WebSocket server could exploit this flaw by sending a specially crafted unmasked frame with a payload length close to UINT64_MAX. If the max_incoming_payload_size parameter is set to 0, it may lead to an out-of-bounds read in the libsoup-based client, potentially compromising user data and application behavior.

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Adel Bouachraoui and Gerard Capdevila for reporting this issue.
.