Cyber Posture

CVE-2026-1761

High

Published: 02 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)
EPSS Score: 0.0117 (78.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

Mitigating Controls (NIST 800-53 r5) [AI]

SI-2 (prevent): Requires timely remediation of flaws, which addresses the buffer overflow in libsoup directly through vendor patches such as the Red Hat errata.

SI-16 (prevent): Implements memory protections such as stack canaries, ASLR, and DEP, which make it harder to turn the stack-based buffer overflow into code execution.

SI-10 (prevent): Enforces validation of HTTP multipart responses so that malformed input that would trigger the incorrect length calculation is rejected before libsoup parses it.

Security Summary [AI]

CVE-2026-1761 is a stack-based buffer overflow vulnerability in libsoup, triggered during the parsing of multipart HTTP responses due to an incorrect length calculation. This flaw affects the libsoup library, which is used in various applications for handling HTTP communications. The issue, classified under CWE-121, has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L), indicating high severity with potential for memory corruption.

A remote attacker can exploit this vulnerability by sending a specially crafted multipart HTTP response to applications that process untrusted server responses. No authentication or user interaction is required, allowing unauthenticated attackers with network access to trigger the buffer overflow. Successful exploitation may result in application crashes or arbitrary code execution, depending on the context and privileges of the affected process.

Red Hat has addressed this vulnerability through multiple security errata, including RHSA-2026:1948, RHSA-2026:2005, RHSA-2026:2006, RHSA-2026:2007, and RHSA-2026:2008, which provide updated packages for affected Red Hat products incorporating libsoup. Security practitioners should apply these patches promptly to mitigate the risk.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques [AI]

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack-based buffer overflow in libsoup during multipart HTTP response parsing enables remote arbitrary code execution in vulnerable client applications without authentication or user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
