Unrated severityNVD Advisory· Published Feb 13, 2026· Updated Mar 23, 2026

Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure

CVE-2026-2443

Description

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.

Affected products

Red Hat/Red Hat Enterprise Linux 10v5
cpe:/o:redhat:enterprise_linux:10
Red Hat/Red Hat Enterprise Linux 6v5
cpe:/o:redhat:enterprise_linux:6
Red Hat/Red Hat Enterprise Linux 7v5
cpe:/o:redhat:enterprise_linux:7
Red Hat/Red Hat Enterprise Linux 8v5
cpe:/o:redhat:enterprise_linux:8
Red Hat/Red Hat Enterprise Linux 9v5
cpe:/o:redhat:enterprise_linux:9
GNOME Foundation/Libsoupllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2026-2443mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
gitlab.gnome.org/GNOME/libsoup/-/issues/487mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000