CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake

🗓️ 26 Mar 2026 19:31:34Reported by redhatType

CVE-2026-2436: SoupServer use-after-free during TLS handshake causes denial of service.

Reporter	Title	Published	Views	Family All 22
ATTACKERKB	CVE-2026-2436	26 Mar 202619:31	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1778)	8 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-2436	11 Mar 202600:00	–	nessus
Amazon	Medium: libsoup3	8 Jun 202600:00	–	amazon
CBLMariner	CVE-2026-2436 affecting package libsoup for versions less than 3.4.4-15	9 May 202603:31	–	cbl_mariner
Circl	CVE-2026-2436	26 Mar 202620:05	–	circl
CNNVD	libsoup 安全漏洞	26 Mar 202600:00	–	cnnvd
CVE	CVE-2026-2436	26 Mar 202619:31	–	cve
Debian CVE	CVE-2026-2436	26 Mar 202619:31	–	debiancve
EUVD	EUVD-2026-16342	26 Mar 202621:31	–	euvd

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup3",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-2436
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
gitlab	www.gitlab.gnome.org/GNOME/libsoup/-/issues/501

21 Apr 2026 16:00Current

CVSS 3.16.5

EPSS0.00085

CWE-825