Stack-based Buffer Overflow Flaw in Libsoup Affects Multiple Products
CVE-2026-1761

8.6HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Vendor
CVE Published:
2 February 2026

What is CVE-2026-1761?

A stack-based buffer overflow vulnerability exists in Libsoup, triggered during the parsing of multipart HTTP responses due to improper length calculations. An attacker can exploit this flaw by sending a specially crafted multipart HTTP response that induces memory corruption, potentially leading to application crashes or arbitrary code execution. Notably, this vulnerability can be exploited without the need for authentication or user interaction, putting numerous applications that process untrusted server responses at risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat Enterprise Linux 10 0:3.6.5-3.el10_1.9

Red Hat Enterprise Linux 10 0:3.6.5-3.el10_1.10

Red Hat Enterprise Linux 10.0 Extended Update Support 0:3.6.5-3.el10_0.14

References

https://access.redhat.com/errata/RHSA-2026:1948
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2005
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2006
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Naoki Wakamatsu for reporting this issue.
JSON
.