Medium severity6.5NVD Advisory· Published Mar 26, 2026· Updated Apr 21, 2026
CVE-2026-2436
CVE-2026-2436
Description
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soup_server_disconnect() function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
- (no CPE)
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
3- gitlab.gnome.org/GNOME/libsoup/-/issues/501nvdExploitIssue TrackingVendor Advisory
- access.redhat.com/security/cve/CVE-2026-2436nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.