Search CVE reports


Toggle filters

1 – 10 of 57 results


CVE-2026-15714

Medium priority
Needs evaluation

An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-15713

Medium priority
Needs evaluation

A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window...

1 affected package

libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-15711

Medium priority
Needs evaluation

A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 ยง5.5, which mandates that all WebSocket control frames (e.g., PING, PONG, CLOSE)...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-15709

Medium priority
Needs evaluation

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop (inflate()) processes data in chunks without enforcing an upper boundary limit on the output...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-15712

Medium priority
Needs evaluation

A heap buffer over-read vulnerability was discovered in libsoup's (versions: libsoup 3.0 to 3.7.0) HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional...

1 affected package

libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-12478

Medium priority
Needs evaluation

The fix for CVE-2026-0716 (commit 6ff7ef0, libsoup 3.6.6) placed the integer overflow guard inside the if (masked) block, leaving unmasked server-to-client frames unprotected. A malicious WebSocket server can send a crafted...

1 affected package

libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-12549

Medium priority
Needs evaluation

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size,...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-6324

Medium priority
Needs evaluation

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-2708

Medium priority
Needs evaluation

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-5119

Medium priority

Some fixes available 7 of 11

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Fixed Fixed Fixed Fixed Fixed
libsoup3 Needs evaluation Needs evaluation Needs evaluation
Show less packages