CVE-2026-2436

| EUVD-2026-16342 MEDIUM
2026-03-26 redhat GHSA-wpfw-5xvc-wq9w
6.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 26, 2026 - 20:00 vuln.today
EUVD ID Assigned
Mar 26, 2026 - 20:00 euvd
EUVD-2026-16342
CVE Published
Mar 26, 2026 - 19:31 nvd
MEDIUM 6.5

Tags

Denial Of Service

Description

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.

Analysis

libsoup's SoupServer contains a use-after-free vulnerability in the soup_server_disconnect() function that prematurely frees connection objects while TLS handshakes are pending, allowing remote unauthenticated attackers to trigger a server crash via denial of service when a handshake completes after memory deallocation. The vulnerability affects Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as Ubuntu and Debian distributions across multiple releases. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

33
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +32
POC: 0

Vendor Status

Ubuntu

Priority: Medium
libsoup2.4
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
libsoup3
Release Status Version
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -

Debian

Bug #1130498
libsoup2.4
Release Status Fixed Version Urgency
bullseye vulnerable 2.72.0-2 -
bullseye (security) vulnerable 2.72.0-2+deb11u3 -
bookworm vulnerable 2.74.3-1+deb12u1 -
trixie vulnerable 2.74.3-10.1 -
(unstable) fixed (unfixed) -
libsoup3
Release Status Fixed Version Urgency
bookworm vulnerable 3.2.3-0+deb12u2 -
trixie vulnerable 3.6.5-3 -
forky, sid vulnerable 3.6.6-1 -
(unstable) fixed (unfixed) -

Share

CVE-2026-2436 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy