CVE-2026-2369

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2026-2369	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2439091	Issue Tracking Third Party Advisory
https://gitlab.gnome.org/GNOME/libsoup/-/issues/498	Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*

History

28 Apr 2026, 21:29

Type	Values Removed	Values Added
Summary		(es) Se encontró un fallo en libsoup. Una vulnerabilidad de subdesbordamiento de enteros ocurre al procesar contenido con un recurso de longitud cero, lo que lleva a una lectura excesiva del búfer. Esto puede permitir a un atacante acceder potencialmente a información sensible o causar una denegación de servicio a nivel de aplicación.
First Time		Gnome Gnome libsoup
CPE		cpe:2.3:a:gnome:libsoup:-:::::::*
References	~~() https://access.redhat.com/security/cve/CVE-2026-2369 -~~	() https://access.redhat.com/security/cve/CVE-2026-2369 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2439091 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2439091 - Issue Tracking, Third Party Advisory
References	~~() https://gitlab.gnome.org/GNOME/libsoup/-/issues/498 -~~	() https://gitlab.gnome.org/GNOME/libsoup/-/issues/498 - Issue Tracking, Patch

19 Mar 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-19 15:16

Updated : 2026-04-28 21:29

NVD link : CVE-2026-2369

Mitre link : CVE-2026-2369

CVE.ORG link : CVE-2026-2369

JSON object : View

Products Affected

gnome

libsoup

CWE

CWE-191

Integer Underflow (Wrap or Wraparound)

{"id": "CVE-2026-2369", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2026-03-19T15:16:25.603", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-2369", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439091", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/498", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en libsoup. Una vulnerabilidad de subdesbordamiento de enteros ocurre al procesar contenido con un recurso de longitud cero, lo que lleva a una lectura excesiva del b\u00fafer. Esto puede permitir a un atacante acceder potencialmente a informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio a nivel de aplicaci\u00f3n."}], "lastModified": "2026-04-28T21:29:20.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5BAC4F4-3ACD-4F4D-920C-F920FD2C5472"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}