CVE-2026-1761
Libsoup: stack-based buffer overflow in libsoup multipart response parsingmultipart http response
CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
| CWE | CWE-121 |
| Vendor | red hat |
| Product | red hat enterprise linux 10 |
| Published | Feb 2, 2026 |
| Last Updated | Mar 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 10
Be the first to know when new high vulnerabilities affecting red hat red hat enterprise linux 10 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
All versions affected Red Hat / Red Hat OpenShift Dev Spaces (RHOSDS) 3.26
All versions affected Red Hat / Red Hat OpenShift Dev Spaces (RHOSDS) 3.26
All versions affected Red Hat / Red Hat OpenShift Dev Spaces (RHOSDS) 3.26
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1948 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2005 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2006 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2007 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2008 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2049 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2182 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2214 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2215 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2216 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2396 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2402 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2410 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2512 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2513 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2514 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2528 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2529 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2628 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2844 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-1761 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2435961 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/libsoup/-/issues/493
Credits
Red Hat would like to thank Naoki Wakamatsu for reporting this issue.