CVE-2026-4271

CWE-416 โ€” Use After Free7 documents7 sources
Severity
7.5HIGH
EPSS
1.5%
top 18.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Linux
Timeline
PublishedMar 17

Description

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages0 packages

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0

๐Ÿ”ดVulnerability Details

3
CVEList
Libsoup: libsoup: denial of service via use-after-free in http/2 serverโ†—2026-03-17
โ–ถ
OSV
CVE-2026-4271: A flaw was found in libsoup, a library for handling HTTP requestsโ†—2026-03-17
โ–ถ
GHSA
GHSA-xxmc-fm3p-q3x8: A flaw was found in libsoup, a library for handling HTTP requestsโ†—2026-03-17
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Red Hat
libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 serverโ†—2026-03-16
โ–ถ
Debian
CVE-2026-4271: libsoup2.4 - A flaw was found in libsoup, a library for handling HTTP requests. This vulnerab...โ†—2026
โ–ถ

๐Ÿ•ต๏ธThreat Intelligence

1
Wiz
CVE-2026-4271 Impact, Exploitability, and Mitigation Steps | Wizโ†—
โ–ถ