CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources

🗓️ 19 Mar 2026 14:20:27Reported by redhatType

A Libsoup integer underflow on zero length resources causes buffer overread, risking information disclosure or denial of service.

Reporter	Title	Published	Views	Family All 68
ATTACKERKB	CVE-2026-2369	19 Mar 202614:20	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1460)	6 Mar 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2213)	9 Jun 202600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2251)	9 Jun 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : libsoup2 (openSUSE-SU-2026:20354-1)	15 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2026:0657-1)	4 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : libsoup (SUSE-SU-2026:0689-1)	2 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup (SUSE-SU-2026:0690-1)	2 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : libsoup (SUSE-SU-2026:0703-1)	4 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : libsoup2 (SUSE-SU-2026:0834-1)	7 Mar 202600:00	–	nessus

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup3",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-2369
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
gitlab	www.gitlab.gnome.org/GNOME/libsoup/-/issues/498

28 Apr 2026 21:34Current

CVSS 3.16.5

EPSS0.00019

CWE-191