Flaw in HTTP Library in GNOME-based Systems Affects Application Performance
CVE-2026-2443

5.3MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Vendor
CVE Published:
13 February 2026

What is CVE-2026-2443?

A flaw has been identified in libsoup, the HTTP library used in GNOME-based systems, affecting its handling of specially crafted HTTP Range headers. This vulnerability allows a remote attacker to improperly access portions of server memory beyond the intended response based on specific build configurations. Exploitability of this issue is contingent on the server being configured in a vulnerable manner and utilizing the SoupServer component embedded within libsoup. It is crucial for system administrators and developers to review their configurations to mitigate potential risks associated with this vulnerability.

References

https://access.redhat.com/security/cve/CVE-2026-2443
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2439671
issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libsoup/-/issues/487

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Codean Labs for reporting this issue.
.