CVE-2026-4271

🗓️ 17 Mar 2026 11:14:21Reported by redhatType

Libsoup HTTP/2 server use-after-free causes denial of service from crafted requests.

Reporter	Title	Published	Views	Family All 43
ATTACKERKB	CVE-2026-4271	17 Mar 202611:14	–	attackerkb
CNNVD	libsoup 安全漏洞	17 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-4271 Libsoup: libsoup: denial of service via use-after-free in http/2 server	17 Mar 202611:14	–	cvelist
Debian CVE	CVE-2026-4271	17 Mar 202611:14	–	debiancve
Oracle linux	libsoup3 security update	11 May 202600:00	–	oraclelinux
EUVD	EUVD-2026-12568	17 Mar 202612:30	–	euvd
NVD	CVE-2026-4271	17 Mar 202612:16	–	nvd
Tenable Nessus	openSUSE 16 Security Update : libsoup (openSUSE-SU-2026:20845-1)	2 Jun 202600:00	–	nessus
Tenable Nessus	Oracle Linux 10 : libsoup3 (ELSA-2026-15968)	11 May 202600:00	–	nessus
Tenable Nessus	RHEL 10 : libsoup3 (RHSA-2026:15968)	11 May 202600:00	–	nessus

NVD

Node

gnome libsoupMatch-

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

redhat enterprise_linuxMatch10.0

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup3",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.6.5-3.el10_1.11",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10.1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup3",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.6.5-3.el10_2.11",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup3",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.6.5-3.el10_0.15",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux_eus:10.0"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2026:17482
access	www.access.redhat.com/security/cve/CVE-2026-4271
gitlab	www.gitlab.gnome.org/GNOME/libsoup/-/issues/496
access	www.access.redhat.com/errata/RHSA-2026:15968
access	www.access.redhat.com/errata/RHSA-2026:19143

19 May 2026 22:16Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.3 - 7.5

EPSS0.00931

SSVC

CWE-416