Medium severity 5.3 · NVD Advisory · Published Mar 17, 2026 · Updated May 19, 2026
CVE-2026-4271
Description
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).
Affected products (20)
- cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:/o:redhat:enterprise_linux:10
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
- osv-coords (9 versions):
  - pkg:rpm/almalinux/libsoup3
  - pkg:rpm/almalinux/libsoup3-devel
  - pkg:rpm/almalinux/libsoup3-doc
  - pkg:rpm/opensuse/libsoup&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
- (no CPE) range: < 3.6.5-3.el10_2.11
- (no CPE) range: < 3.6.5-3.el10_2.11
- (no CPE) range: < 3.6.5-3.el10_1.11
- (no CPE) range: < 3.6.6-5.1
- (no CPE) range: < 3.4.4-150600.3.47.1
- (no CPE) range: < 3.4.4-150600.3.47.1
- (no CPE) range: < 3.6.6-160000.2.1
- (no CPE) range: < 3.4.4-150600.3.47.1
- (no CPE) range: < 3.6.6-160000.2.1
References (6)
- gitlab.gnome.org/GNOME/libsoup/-/issues/496 (nvd: Exploit, Issue Tracking, Vendor Advisory)
- access.redhat.com/security/cve/CVE-2026-4271 (nvd: Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Vendor Advisory)
- access.redhat.com/errata/RHSA-2026:15968 (nvd)
- access.redhat.com/errata/RHSA-2026:17482 (nvd)
- access.redhat.com/errata/RHSA-2026:19143 (nvd)