CVE-2026-1761

high

Description

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

References

Advisories
More

https://access.redhat.com/errata/RHSA-2026:2628

https://access.redhat.com/errata/RHSA-2026:2529

https://access.redhat.com/errata/RHSA-2026:2528

https://access.redhat.com/errata/RHSA-2026:2514

https://access.redhat.com/errata/RHSA-2026:2513

https://access.redhat.com/errata/RHSA-2026:2512

https://access.redhat.com/errata/RHSA-2026:2410

https://access.redhat.com/errata/RHSA-2026:2402

https://access.redhat.com/errata/RHSA-2026:2396

https://access.redhat.com/errata/RHSA-2026:2216

https://access.redhat.com/errata/RHSA-2026:2215

https://access.redhat.com/errata/RHSA-2026:2214

https://access.redhat.com/errata/RHSA-2026:2182

https://access.redhat.com/errata/RHSA-2026:2049

https://access.redhat.com/errata/RHSA-2026:2008

https://access.redhat.com/errata/RHSA-2026:2007

https://access.redhat.com/errata/RHSA-2026:2006

https://access.redhat.com/errata/RHSA-2026:2005

https://access.redhat.com/errata/RHSA-2026:1948

https://bugzilla.redhat.com/show_bug.cgi?id=2435961

https://access.redhat.com/security/cve/CVE-2026-1761

Details

Source: Mitre, NVD

Published: 2026-02-02

Updated: 2026-02-12

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:C/A:P

Severity: High

CVSS v3

Base Score: 8.6

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Severity: High

EPSS

EPSS: 0.00144