Description
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.
Published: 2026-03-26
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A flaw in the SoupServer component of libsoup introduces a use-after-free condition. While an accepted client connection is still in the middle of its TLS handshake, the server's disconnect routine, `soup_server_disconnect()`, may free the connection object even though the asynchronous handshake has not yet completed. If the handshake then finishes, the completion path dereferences a dangling pointer to the freed connection and the server process crashes. The denial of service is reachable by a remote actor: it requires only that a TLS connection the actor initiated is still mid-handshake at the moment the server disconnects it.
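The lifetime bug described above, modelled as an added example in C (this is not libsoup's code): a connection object whose asynchronous TLS handshake is still pending is disconnected, and the completion callback later runs against it. The vulnerable variant hands the callback a raw pointer and lets disconnect free the object; the hardened variant has the callback hold its own reference and has disconnect merely drop the server's reference and set a flag, so the object outlives the handshake and is released on the last unref. The struct layout, function names and the fixed-slot "pool" (which records freed slots so the dangling access can be detected deterministically rather than crashing) are assumptions made for the example; the page does not show the upstream patch, so the reference-holding fix is a standard pattern, not a claim about libsoup's actual change.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Fixed pool standing in for the heap so a dangling access can be detected
   instead of crashing. Instrumentation for the example only; not libsoup. */
#define POOL_SIZE 4

typedef struct Conn {
    int  refcount;
    bool handshake_pending;   /* TLS handshake started but not yet completed */
    bool disconnected;        /* set by disconnect; a late callback checks it */
    int  fd;                  /* illustrative per-connection resource */
} Conn;

static Conn pool[POOL_SIZE];
static bool pool_live[POOL_SIZE];

static Conn *conn_alloc(int fd) {
    for (size_t i = 0; i < POOL_SIZE; i++) {
        if (!pool_live[i]) {
            pool_live[i] = true;
            pool[i] = (Conn){ .refcount = 1, .fd = fd };
            return &pool[i];
        }
    }
    return NULL;
}

static void conn_free(Conn *c) {
    pool_live[c - pool] = false;
    memset(c, 0, sizeof *c);          /* poison: a freed object must not be read */
}

static bool conn_is_live(const Conn *c) { return pool_live[c - pool]; }
static Conn *conn_ref(Conn *c) { c->refcount++; return c; }
static void  conn_unref(Conn *c) { if (--c->refcount == 0) conn_free(c); }

/* What the event loop hands to the handshake-completion callback. */
typedef struct { Conn *conn; } HandshakeOp;

/* Outcome codes the flows return so they can be asserted on. */
enum { FLOW_OK = 0, FLOW_DANGLING_ACCESS = 1, FLOW_LEAK = 2 };

/* --- Vulnerable pattern: disconnect frees while the handshake is pending --- */

static void start_handshake_unsafe(Conn *c, HandshakeOp *op) {
    c->handshake_pending = true;
    op->conn = c;                     /* raw pointer, no reference taken */
}

static void disconnect_unsafe(Conn *c) {
    conn_unref(c);                    /* server held the only ref: object is freed now */
}

static int handshake_done_unsafe(HandshakeOp *op) {
    Conn *c = op->conn;
    if (!conn_is_live(c))             /* instrumentation: real code just dereferences */
        return FLOW_DANGLING_ACCESS;
    c->handshake_pending = false;
    return FLOW_OK;
}

static int vulnerable_flow(void) {
    HandshakeOp op;
    Conn *c = conn_alloc(3);
    start_handshake_unsafe(c, &op);
    disconnect_unsafe(c);             /* disconnect lands mid-handshake */
    return handshake_done_unsafe(&op);/* late completion reaches freed memory */
}

/* --- Hardened pattern: callback owns a reference, disconnect only flags --- */

static void start_handshake_safe(Conn *c, HandshakeOp *op) {
    c->handshake_pending = true;
    op->conn = conn_ref(c);           /* the in-flight operation keeps the object alive */
}

static void disconnect_safe(Conn *c) {
    c->disconnected = true;           /* tell a late completion to bail out */
    conn_unref(c);                    /* drop the server's ref; object survives while pending */
}

static int handshake_done_safe(HandshakeOp *op) {
    Conn *c = op->conn;
    if (!conn_is_live(c))
        return FLOW_DANGLING_ACCESS;  /* never reached: the op's ref kept it live */
    c->handshake_pending = false;
    if (!c->disconnected) {
        /* normal path: begin serving requests on c->fd */
    }
    conn_unref(c);                    /* last ref when disconnected: freed here, once */
    return FLOW_OK;
}

static int hardened_flow(void) {
    HandshakeOp op;
    Conn *c = conn_alloc(4);
    start_handshake_safe(c, &op);
    disconnect_safe(c);
    int rc = handshake_done_safe(&op);
    if (rc == FLOW_OK && conn_is_live(c))
        return FLOW_LEAK;             /* object must be gone after the final unref */
    return rc;
}
```

The pool bookkeeping plays the role AddressSanitizer plays on a real build: compiling the affected server with `-fsanitize=address` turns the crash on the completion path into a heap-use-after-free report with both the allocation and the free stack, which is the quickest way to confirm the ordering problem this example models.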

Affected Systems

The vulnerability affects Red Hat Enterprise Linux releases 6, 7, 8, 9, and 10, where the shipped libsoup package contains the vulnerable SoupServer. Systems running the distribution packages from before the security update are exposed where an application uses libsoup's SoupServer API to accept TLS connections; the flaw is in the server side of the library.

Risk and Exploitability

The CVSS 3.1 vector (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H, score 6.5) rates the flaw Moderate: it is reachable over the network with no privileges or user interaction, attack complexity is rated high, consistent with the disconnect having to land while a handshake is still pending, and the impact is loss of availability with a low integrity impact rather than code execution. The EPSS score is below 1 %, indicating a very low probability of exploitation in the wild at this time, and the vulnerability is not listed in the CISA KEV catalog. An attacker needs only ordinary inbound network access to a TLS-enabled SoupServer endpoint.

Generated by OpenCVE AI on April 16, 2026 at 02:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Red Hat security update containing the libsoup fix as soon as it is published, then restart every service that loads libsoup's SoupServer; the library is loaded in-process, so updating the package alone does not fix running daemons.
  • Until the update is available, restrict which networks can reach TLS-enabled SoupServer endpoints (for example with host firewall rules), since the crash is triggered during the TLS handshake; disabling TLS outright is only an option where the service can run without it.
  • Run the service under a supervisor that restarts it on crash and apply connection rate limiting, so repeated crash attempts degrade the service rather than keep it down.

Generated by OpenCVE AI on April 16, 2026 at 02:42 UTC.


Advisories

No advisories yet.

History

Tue, 21 Apr 2026 16:00:00 +0000

Type | Values Removed | Values Added
  First Time appeared: Gnome; Gnome libsoup
  CPEs:
    cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  Vendors & Products: Gnome; Gnome libsoup

Sat, 28 Mar 2026 04:15:00 +0000

Type | Values Removed | Values Added
  Metrics
    ssvc (added): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 20:30:00 +0000

Type | Values Removed | Values Added
  References

Thu, 26 Mar 2026 19:45:00 +0000

Type | Values Removed | Values Added
  Description
    Removed: No description is available for this CVE.
    Added: A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.
  Title
    Removed: libsoup: libsoup: Denial of Service via use-after-free in SoupServer during TLS handshake
    Added: Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake
  First Time appeared: Redhat; Redhat enterprise Linux
  CPEs:
    cpe:/o:redhat:enterprise_linux:10
    cpe:/o:redhat:enterprise_linux:6
    cpe:/o:redhat:enterprise_linux:7
    cpe:/o:redhat:enterprise_linux:8
    cpe:/o:redhat:enterprise_linux:9
  Vendors & Products: Redhat; Redhat enterprise Linux
  References

Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
  First Time appeared: Libsoup; Libsoup libsoup
  Vendors & Products: Libsoup; Libsoup libsoup

Wed, 11 Mar 2026 12:15:00 +0000

Type | Values Removed | Values Added
  Description: No description is available for this CVE.
  Title: libsoup: libsoup: Denial of Service via use-after-free in SoupServer during TLS handshake
  Weaknesses: CWE-825
  References
  Metrics
    threat_severity: None (removed) / Moderate (added)
    cvssV3_1 (added): {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-21T16:00:28.482Z

Reserved: 2026-02-12T23:01:17.156Z

Link: CVE-2026-2436

Vulnrichment

Updated: 2026-03-27T19:47:43.552Z

NVD

Status : Analyzed

Published: 2026-03-26T20:16:11.720

Modified: 2026-04-21T15:48:48.817

Link: CVE-2026-2436

Red Hat

Severity : Moderate

Public Date: 2026-02-11T00:00:00Z

Links: CVE-2026-2436 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T02:45:06Z

Weaknesses