8.2

CVE-2026-2436

Exploit

EPSS 0.08%
Veröffentlicht 26.03.2026 19:31:34
Zuletzt bearbeitet 21.04.2026 15:48:48
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnome ≫ Libsoup Version-

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.237

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
secalert@redhat.com	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-825 Expired Pointer Dereference

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

https://access.redhat.com/security/cve/CVE-2026-2436

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2442909

Third Party Advisory

Issue Tracking

https://gitlab.gnome.org/GNOME/libsoup/-/issues/501

Vendor Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-2436

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2436

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2436

EUVD