
libsoup CVE-2026-12549

EUVD: EUVD-2026-38279 · MEDIUM
Buffer Access with Incorrect Length Value (CWE-805)
Published 2026-06-22 · Vendor: redhat · GHSA-7gwx-vgp2-4hmg
CVSS 3.1: 4.8 (Vendor: redhat)

Severity by source

Vendor (redhat), primary: 4.8 MEDIUM
  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

vuln.today AI: 4.8 MEDIUM
  Network-triggerable via a crafted Range header with no authentication; AC:H reflects the dependency on the resource's content size; impact is limited to malformed responses and log flooding, with no integrity effect.
  CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
  CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

SUSE: MEDIUM (qualitative)
Red Hat: 4.8 MEDIUM (qualitative)

Primary rating from Vendor (redhat).

CVSS Vector (Vendor: redhat)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: Low

Lifecycle Timeline

Analysis Generated: Jun 22, 2026 - 16:06 (vuln.today)
CVE Published: Jun 22, 2026 - 13:55 (cve.org)

Description (CVE.org)

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.

Analysis (AI)

Malformed HTTP Range request handling in libsoup (GNOME's HTTP client/server library, packaged across Red Hat Enterprise Linux 6-10) re-introduces a signed integer underflow originally patched in CVE-2026-2443. A rework commit replaced specific overflow guards with a general signed comparison, meaning a suffix-byte Range request whose length exceeds the resource content size now produces a negative start offset that is passed unclamped to buffer operations, generating malformed HTTP 206 responses and log flooding. …
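The suffix-range arithmetic that the description and analysis above refer to, shown as an added C example written for this page. It is not libsoup's code and does not reproduce the actual regressed commit: the function names, the minimal "bytes=-N" parser and the 10-byte resource are constructed to illustrate the pattern (a general signed comparison that lets a negative start offset through) next to the clamping that RFC 9110 section 14.1.2 requires.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Resolved byte range for a 206 response; ok == 0 means unsatisfiable. */
typedef struct {
    int64_t start;
    int64_t end;
    int ok;
} byte_range;

/* Pattern of the regressed check described on the page (not libsoup's code):
 * start is computed as total - N and only guarded by a general signed
 * comparison (start <= end), which a negative start passes. */
byte_range resolve_suffix_regressed(int64_t total_len, int64_t suffix_len)
{
    byte_range r;
    r.start = total_len - suffix_len;   /* negative when suffix_len > total_len */
    r.end = total_len - 1;
    r.ok = (r.start <= r.end);          /* e.g. -5 <= 9 is true: no clamping */
    return r;
}

/* Clamped version following RFC 9110 section 14.1.2: a suffix-length of zero
 * is unsatisfiable, and a suffix longer than the representation selects the
 * whole representation (start = 0). */
byte_range resolve_suffix_clamped(int64_t total_len, int64_t suffix_len)
{
    byte_range r = { 0, -1, 0 };
    if (total_len <= 0 || suffix_len <= 0)
        return r;                       /* nothing to serve: 416, not 206 */
    r.start = suffix_len >= total_len ? 0 : total_len - suffix_len;
    r.end = total_len - 1;
    r.ok = 1;
    return r;
}

/* Parse a Range header value of the suffix form "bytes=-N" (constructed
 * minimal parser; other range forms are rejected). Returns 1 on success. */
int parse_suffix_range(const char *value, int64_t *suffix_len)
{
    const char *p = value;
    char *end;
    long long n;

    if (strncmp(p, "bytes=-", 7) != 0)
        return 0;
    p += 7;
    if (*p < '0' || *p > '9')
        return 0;                       /* at least one digit required */
    errno = 0;
    n = strtoll(p, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return 0;                       /* overflow or trailing garbage */
    *suffix_len = (int64_t)n;
    return 1;
}

/* Render the Content-Range value a 206 response would carry. With the
 * regressed resolver this yields an impossible negative first position. */
int format_content_range(const byte_range *r, int64_t total_len,
                         char *buf, size_t buf_len)
{
    return snprintf(buf, buf_len, "bytes %lld-%lld/%lld",
                    (long long)r->start, (long long)r->end,
                    (long long)total_len);
}

int main(void)
{
    /* Constructed inputs: a 10-byte resource and the oversized suffix
     * request from the exploit scenario on this page. */
    const int64_t total_len = 10;
    const char *hdr = "bytes=-9999999999";
    int64_t n;
    char buf[64];

    if (!parse_suffix_range(hdr, &n))
        return 1;

    byte_range bad = resolve_suffix_regressed(total_len, n);
    format_content_range(&bad, total_len, buf, sizeof buf);
    printf("regressed: ok=%d Content-Range: %s\n", bad.ok, buf);

    byte_range good = resolve_suffix_clamped(total_len, n);
    format_content_range(&good, total_len, buf, sizeof buf);
    printf("clamped:   ok=%d Content-Range: %s\n", good.ok, buf);
    return 0;
}
```

With the clamped resolver, `Range: bytes=-9999999999` against a 10-byte resource produces `Content-Range: bytes 0-9/10`, the same bytes a plain GET would return; the regressed arithmetic instead reports a negative first position, which is the malformed 206 the description refers to. Any server-side range code is worth checking against the three cases the example exercises: suffix shorter than the resource, suffix equal to or longer than the resource, and a zero or overflowing suffix length.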


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: send an HTTP GET with Range: bytes=-N, where N exceeds the content size
Delivery: the regressed signed comparison fails to clamp the negative start offset
Exploit: libsoup computes a negative buffer start position
Execution: a malformed HTTP 206 response is generated
Impact: high-volume error log entries (log flooding) that can exhaust log storage

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the target application use libsoup as its HTTP server library and expose an HTTP endpoint that processes Range requests from untrusted clients. …
Risk Assessment: The CVSS 3.1 score of 4.8 (Medium) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L positions this as a moderate, remotely triggerable flaw requiring no authentication. …
Exploit Scenario: A remote, unauthenticated attacker sends a series of HTTP GET requests to a libsoup-based server with headers such as Range: bytes=-9999999999, targeting any static resource. Because of the regressed signed comparison, the server computes a deeply negative start offset, emits malformed HTTP 206 responses, and writes a high-volume error log entry per request. …
Remediation: Monitor the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-12549 and Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2489999 for errata packages across RHEL 6-10, and apply vendor-released updates as soon as they become available. …



Vendor Status

SUSE

Severity: Moderate
Product Status:
SUSE Linux Enterprise Desktop 15 SP7: Affected
SUSE Linux Enterprise High Performance Computing 15 SP7: Affected
SUSE Linux Enterprise Micro 5.3: Affected
