Description
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
Published: 2026-01-08
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

A flaw in libsoup’s NTLM authentication routine triggers a signed‑to‑unsigned conversion error when handling unusually long passwords. The conversion causes an internal size calculation to overflow, leading to an incorrect stack allocation and unsafe memory copying. As a consequence, applications that employ libsoup can crash, resulting in a denial‑of‑service condition.

Affected Systems

Red Hat Customer Advisory Service lists a broad set of affected operating systems, including Red Hat Enterprise Linux 6, 7 (Extended Lifecycle Support), 8, 8.2, 8.4, 8.6, 8.8, 9, 9.4, and 9.6, as well as Red Hat Enterprise Linux 10 and all of its extended update tracks. Red Hat OpenShift Dev Spaces 3.26 is also impacted. The vulnerability resides in the underlying libsoup library that is bundled with these distributions.

Risk and Exploitability

The metric set indicates a CVSS score of 8.6, yet the EPSS suggests exploitation probability is below 1 % and it is not listed in the CISA KEV catalog. The stack overflow can be triggered remotely by delivering a specially crafted NTLM authentication message to any application using libsoup, though exploitation would require the attacker to control the authentication payload. Because the flaw leads only to crashes, the most immediate risk is to service availability rather than to confidentiality or integrity.

Generated by OpenCVE AI on April 18, 2026 at 07:43 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

OpenCVE Recommended Actions

  • Install the Red Hat update package released in errata RHSA‑2026:1948 to replace the vulnerable libsoup library.
  • Restart all services and applications that depend on libsoup so the new library is loaded.
  • Where possible, disable NTLM authentication or restrict password length enforcement on network services until the patch is in place.

Generated by OpenCVE AI on April 18, 2026 at 07:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift_devspaces:3.26::el9
Vendors & Products Redhat openshift Devspaces
References

Thu, 12 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Wed, 11 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
References

Wed, 11 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
References

Wed, 11 Feb 2026 08:15:00 +0000

Type Values Removed Values Added
References

Wed, 11 Feb 2026 08:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
References

Tue, 10 Feb 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Eus Long Life
References

Mon, 09 Feb 2026 07:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Mon, 09 Feb 2026 03:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
References

Thu, 05 Feb 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.1
References

Thu, 05 Feb 2026 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.6::appstream
References

Thu, 05 Feb 2026 07:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products Redhat enterprise Linux Eus
References

Thu, 05 Feb 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Thu, 05 Feb 2026 04:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
References

Thu, 05 Feb 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel E4s
Redhat rhel Tus
References

Tue, 13 Jan 2026 06:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}

Fri, 09 Jan 2026 06:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application. A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

Fri, 09 Jan 2026 05:45:00 +0000

Type Values Removed Values Added
Title Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Fri, 09 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 08 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 08 Jan 2026 13:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
Title Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-121
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Enterprise Linux Enterprise Linux Eus Openshift Devspaces Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-02-26T15:04:55.053Z

Reserved: 2026-01-08T12:12:33.130Z

Link: CVE-2026-0719

cve-icon Vulnrichment

Updated: 2026-01-08T14:31:28.400Z

cve-icon NVD

Status : Deferred

Published: 2026-01-08T13:15:43.283

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0719

cve-icon Redhat

Severity : Important

Publid Date: 2026-01-08T00:00:00Z

Links: CVE-2026-0719 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T07:45:24Z

Weaknesses