CVE-2026-2443
published 2026-02-13CVE-2026-2443: A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libsoup2.4 | < libsoup3 3.6.6-1 (forky) | libsoup3 3.6.6-1 (forky) |
| debian | libsoup3 | < libsoup3 3.6.6-1 (forky) | libsoup3 3.6.6-1 (forky) |
| msrc | azl3_libsoup_3.4.4-11_on_azure_linux_3.0 | — | — |
| msrc | azl3_libsoup_3.4.4-12_on_azure_linux_3.0 | — | — |
| msrc | azl3_libsoup_3.4.4-14_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libsoup_3.0.4-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libsoup_3.0.4-12_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libsoup_3.0.4-13_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv5.3MEDIUM