High severity8.6NVD Advisory· Published Jan 8, 2026· Updated Apr 15, 2026
CVE-2026-0719
CVE-2026-0719
Description
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
45- osv-coords44 versionspkg:rpm/almalinux/libsouppkg:rpm/almalinux/libsoup3pkg:rpm/almalinux/libsoup3-develpkg:rpm/almalinux/libsoup3-docpkg:rpm/almalinux/libsoup-develpkg:rpm/opensuse/libsoup2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libsoup2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/libsoup2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libsoup&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libsoup&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/libsoup&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.2
< 2.62.3-13.el8_10+ 43 more
- (no CPE)range: < 2.62.3-13.el8_10
- (no CPE)range: < 3.6.5-3.el10_1.9
- (no CPE)range: < 3.6.5-3.el10_1.9
- (no CPE)range: < 3.6.5-3.el10_1.9
- (no CPE)range: < 2.62.3-13.el8_10
- (no CPE)range: < 2.74.3-150600.4.19.1
- (no CPE)range: < 2.74.3-160000.4.1
- (no CPE)range: < 2.74.3-14.1
- (no CPE)range: < 3.4.4-150600.3.28.1
- (no CPE)range: < 3.6.5-160000.3.1
- (no CPE)range: < 3.6.5-11.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.3-150600.4.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.3-150600.4.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.2-150400.3.19.1
- (no CPE)range: < 2.74.3-150600.4.19.1
- (no CPE)range: < 3.0.4-150400.3.28.1
- (no CPE)range: < 3.0.4-150400.3.28.1
- (no CPE)range: < 3.0.4-150400.3.28.1
- (no CPE)range: < 3.0.4-150400.3.28.1
- (no CPE)range: < 2.68.4-150200.4.19.1
- (no CPE)range: < 3.4.4-150600.3.28.1
- (no CPE)range: < 2.62.2-5.26.1
- (no CPE)range: < 3.0.4-150400.3.28.1
- (no CPE)range: < 3.0.4-150400.3.28.1
- (no CPE)range: < 3.4.4-150600.3.28.1
- (no CPE)range: < 3.6.5-160000.3.1
- (no CPE)range: < 3.0.4-150400.3.28.1
- (no CPE)range: < 3.0.4-150400.3.28.1
- (no CPE)range: < 3.4.4-150600.3.28.1
- (no CPE)range: < 3.6.5-160000.3.1
- (no CPE)range: < 2.62.2-5.26.1
- (no CPE)range: < 3.4.2-11.1
- (no CPE)range: < 3.4.4-slfo.1.1_6.1
- (no CPE)range: < 3.6.5-160000.3.1
Patches
Vulnerability mechanics
References
22- access.redhat.com/errata/RHSA-2026:1948nvd
- access.redhat.com/errata/RHSA-2026:2005nvd
- access.redhat.com/errata/RHSA-2026:2006nvd
- access.redhat.com/errata/RHSA-2026:2007nvd
- access.redhat.com/errata/RHSA-2026:2008nvd
- access.redhat.com/errata/RHSA-2026:2049nvd
- access.redhat.com/errata/RHSA-2026:2182nvd
- access.redhat.com/errata/RHSA-2026:2214nvd
- access.redhat.com/errata/RHSA-2026:2215nvd
- access.redhat.com/errata/RHSA-2026:2216nvd
- access.redhat.com/errata/RHSA-2026:2396nvd
- access.redhat.com/errata/RHSA-2026:2402nvd
- access.redhat.com/errata/RHSA-2026:2512nvd
- access.redhat.com/errata/RHSA-2026:2513nvd
- access.redhat.com/errata/RHSA-2026:2514nvd
- access.redhat.com/errata/RHSA-2026:2528nvd
- access.redhat.com/errata/RHSA-2026:2529nvd
- access.redhat.com/errata/RHSA-2026:2628nvd
- access.redhat.com/errata/RHSA-2026:2844nvd
- access.redhat.com/security/cve/CVE-2026-0719nvd
- bugzilla.redhat.com/show_bug.cginvd
- gitlab.gnome.org/GNOME/libsoup/-/issues/477nvd
News mentions
0No linked articles in our index yet.