CVE-2026-2436

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2026-2436
https://bugzilla.redhat.com/show_bug.cgi?id=2442909
https://gitlab.gnome.org/GNOME/libsoup/-/issues/501

Configurations

No configuration.

History

30 Mar 2026, 13:26

Type	Values Removed	Values Added
Summary		(es) Se encontró un defecto en el SoupServer de libsoup. Un atacante remoto podría explotar una vulnerabilidad de uso después de liberación donde la función 'soup_server_disconnect()' libera objetos de conexión prematuramente, incluso si un handshake TLS todavía está pendiente. Si el handshake se completa después de que el objeto de conexión ha sido liberado, se accede a un puntero colgante, lo que lleva a un fallo del servidor y a una denegación de servicio.

26 Mar 2026, 21:17

Type	Values Removed	Values Added
References		() https://gitlab.gnome.org/GNOME/libsoup/-/issues/501 -

26 Mar 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-26 20:16

Updated : 2026-03-30 13:26

NVD link : CVE-2026-2436

Mitre link : CVE-2026-2436

CVE.ORG link : CVE-2026-2436

JSON object : View

Products Affected

No product.

CWE

CWE-825

Expired Pointer Dereference

6.5 /10