CVE-2026-0719
Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication
| CVSS Score | 8.6 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
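The bug class described above, as an added illustration that is not libsoup's code: a size derived from a password length is held in a signed 32-bit variable, goes negative, and becomes an enormous length once converted to `size_t` for the copy; next to it is a sizing routine that rejects such input. The `2 * len + 1` formula, `MAX_SECRET_LEN` and all function names are assumptions, since the page does not give the actual calculation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_SECRET_LEN 1024u /* assumed policy cap, not a libsoup constant */

/* Value a signed 32-bit size would hold for 2*len + 1 (assumed formula), via
 * unsigned math and truncation so the demo never runs signed overflow (UB). */
static int32_t wrapped_signed_size(size_t len)
{
    uint32_t low = (uint32_t)((uint64_t)len * 2u + 1u);
    int32_t out;
    memcpy(&out, &low, sizeof out); /* reinterpret the bit pattern */
    return out;
}

static size_t as_copy_length(int32_t n) { return (size_t)n; } /* int -> size_t */

/* Hardened sizing: unsigned arithmetic, explicit cap, overflow check. */
static bool checked_expanded_size(size_t len, size_t *out)
{
    if (len > MAX_SECRET_LEN || len > (SIZE_MAX - 1u) / 2u) return false;
    *out = len * 2u + 1u;
    return true;
}

/* Widen each byte to two into a caller-sized buffer; -1 if it cannot fit. */
static long expand_secret(const char *pw, size_t len,
                          unsigned char *dst, size_t dst_cap)
{
    size_t need;
    if (!checked_expanded_size(len, &need) || need > dst_cap) return -1;
    for (size_t i = 0; i < len; i++) {
        dst[2 * i] = (unsigned char)pw[i];
        dst[2 * i + 1] = 0;
    }
    dst[2 * len] = 0;
    return (long)(2 * len);
}

int main(void)
{
    unsigned char buf[32];
    int32_t bad = wrapped_signed_size((size_t)1 << 30); /* constructed length */
    printf("signed=%d copy=%zu ok=%ld\n", (int)bad, as_copy_length(bad),
           expand_secret("hunter2", 7, buf, sizeof buf));
    return 0;
}
```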
| CWE | CWE-121 |
| Vendor | Red Hat |
| Product | Red Hat Enterprise Linux 10 |
| Published | Jan 8, 2026 |
| Last Updated | Feb 26, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | Low |
| Availability | High |
Affected Versions
| Red Hat / Red Hat Enterprise Linux 10 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support | All versions affected |
| Red Hat / Red Hat OpenShift Dev Spaces (RHOSDS) 3.26 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 6 | All versions affected |
References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1948
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2005
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2006
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2007
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2008
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2049
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2182
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2214
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2215
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2216
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2396
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2402
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2512
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2513
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2514
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2528
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2529
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2628
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2844
access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-0719
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2427906
gitlab.gnome.org: https://gitlab.gnome.org/GNOME/libsoup/-/issues/477
Credits
Red Hat would like to thank treeplus for reporting this issue.