VYPR
Medium severity 6.5 · NVD Advisory · Published Mar 26, 2026 · Updated Apr 21, 2026

CVE-2026-2436

Description

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soup_server_disconnect() function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.

Affected products

7
  • cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
  • (no CPE)
  • cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

References

3
