Description
A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup’s WebSocket support with this configuration may be impacted.
Published: 2026-01-13
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Disclosure / Crash
Action: Apply Workaround
AI Analysis

Impact

An out-of-bounds read occurs in libsoup’s WebSocket frame processing when the maximum incoming payload size is left unset. The flaw allows the library to read memory beyond the intended bounds, which can expose sensitive data or cause a crash. This weakness is classified as CWE‑805 and threatens confidentiality and availability.

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, 9, and 10 are affected due to the inclusion of the libsoup library. All installations that deploy application code using libsoup’s WebSocket functionality with the default configuration are potentially impacted because the maximum incoming payload size defaults to zero when not explicitly set.

Risk and Exploitability

The vulnerability has a CVSS score of 4.8, indicating moderate severity, and an EPSS score of less than 1 percent, reflecting a very low probability of exploitation. It has not been added to CISA’s KEV catalog, and no public exploit is known. The most likely attack vector involves an attacker sending specially crafted WebSocket frames to a target application that uses libsoup without configuring a non‑zero maximum payload size. If successful, the attacker could read arbitrary memory or trigger a denial‑of‑service condition. Although the exploitation probability is low, the moderate risk warrants proactive mitigation.

Generated by OpenCVE AI on April 18, 2026 at 06:25 UTC.

Remediation

Vendor Workaround

To mitigate this issue, applications utilizing libsoup's WebSocket support should ensure that the `max_incoming_payload_size` is explicitly set to a non-zero value. This prevents the library from processing WebSocket frames with an unset or zero maximum payload size, which can lead to out-of-bounds reads. Consult application-specific documentation for configuring libsoup parameters.


OpenCVE Recommended Actions

  • Configure libsoup applications to set the `max_incoming_payload_size` parameter to a non‑zero value such as 1048576 bytes.
  • Verify that all WebSocket‑enabled services in the environment have this configuration enabled and document the setting.
  • Add defensive checks or logging to detect frames that exceed the configured maximum to aid in monitoring and incident response.
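
As an added illustration of the vendor workaround and of the last recommended action, and not code from libsoup or OpenCVE: a standalone RFC 6455 frame-header parser that reads the length a peer declares and rejects the frame when it exceeds a configured maximum, before any payload bytes are allocated or read. Passing a maximum of 0 models the unset configuration the advisory describes, in which the declared length is accepted as-is; the 1048576-byte constant mirrors the value recommended above, and the function, type and constant names are my own.

```c
/* Added illustration (not libsoup source): parse a WebSocket frame header (RFC 6455)
   and enforce a maximum incoming payload size before any payload bytes are read. */
#include <stdint.h>
#include <stddef.h>

#define MAX_INCOMING_PAYLOAD 1048576ULL  /* the non-zero ceiling the page recommends */

typedef enum { FRAME_OK = 0, FRAME_NEED_MORE, FRAME_TOO_LARGE, FRAME_INVALID } frame_status;
typedef struct {
    int      fin, masked;
    uint8_t  opcode;
    uint64_t payload_len;   /* length declared by the peer; untrusted until checked */
    size_t   header_len;    /* bytes consumed by header, length fields and mask key */
} frame_header;

/* max_payload == 0 means "unlimited", i.e. the unset configuration the advisory warns about:
 * the declared length is then accepted as-is and only the caller's buffer bounds protect it. */
frame_status parse_frame_header(const uint8_t *buf, size_t len,
                                uint64_t max_payload, frame_header *hdr)
{
    if (len < 2) return FRAME_NEED_MORE;          /* never read past the bytes we hold */
    hdr->fin    = (buf[0] & 0x80) != 0;
    hdr->opcode =  buf[0] & 0x0f;
    hdr->masked = (buf[1] & 0x80) != 0;
    uint8_t len7 = buf[1] & 0x7f;
    size_t pos = 2;
    if (len7 < 126) {
        hdr->payload_len = len7;
    } else if (len7 == 126) {                     /* 16-bit extended length */
        if (len < pos + 2) return FRAME_NEED_MORE;
        hdr->payload_len = ((uint64_t)buf[pos] << 8) | buf[pos + 1];
        pos += 2;
    } else {                                      /* 64-bit extended length */
        if (len < pos + 8) return FRAME_NEED_MORE;
        uint64_t v = 0;
        for (int i = 0; i < 8; i++) v = (v << 8) | buf[pos + i];
        if (v >> 63) return FRAME_INVALID;        /* RFC 6455: most significant bit must be 0 */
        hdr->payload_len = v;
        pos += 8;
    }
    if (hdr->masked) {                            /* 4-byte masking key follows the length */
        if (len < pos + 4) return FRAME_NEED_MORE;
        pos += 4;
    }
    hdr->header_len = pos;
    /* The mitigation: reject oversized frames before allocating or reading payload. */
    if (max_payload != 0 && hdr->payload_len > max_payload) return FRAME_TOO_LARGE;
    return FRAME_OK;
}
```

A caller that treats FRAME_TOO_LARGE as a protocol error and logs the declared length gets exactly the detection signal the third action asks for.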


Advisories

No advisories yet.

History

Wed, 14 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 Jan 2026 23:15:00 +0000

Type Values Removed Values Added
Title: removed "libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing"; added "Libsoup: out-of-bounds read in libsoup websocket frame processing"
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Fri, 09 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup’s WebSocket support with this configuration may be impacted.
Title libsoup: Out-of-Bounds Read in libsoup WebSocket Frame Processing
Weaknesses CWE-805
References
Metrics threat_severity

None

cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L'}

threat_severity

Moderate


Subscriptions

Redhat Enterprise Linux
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-01-14T14:36:02.731Z

Reserved: 2026-01-08T11:48:19.812Z

Link: CVE-2026-0716

Vulnrichment

Updated: 2026-01-14T14:35:53.934Z

NVD

Status: Deferred

Published: 2026-01-13T23:16:04.163

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0716

Redhat

Severity: Moderate

Public Date: 2026-01-08T00:00:00Z

Links: CVE-2026-0716 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T06:30:25Z

Weaknesses