CVE-2026-0719

Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

An update for spice-client-win is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.

*Credits: Red Hat would like to thank treeplus for reporting this issue.

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2026-01-08 CVE Reserved
2026-01-08 CVE Published
2026-02-18 EPSS Updated
2026-02-26 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-121: Stack-based Buffer Overflow

CAPEC

References (22)

URL	Tag	Source
https://access.redhat.com/security/cve/CVE-2026-0719	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2427906	Issue Tracking
https://gitlab.gnome.org/GNOME/libsoup/-/issues/477

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2026:1948	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2005	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2006	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2007	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2008	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2049	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2182	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2214	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2215	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2216	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2396	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2402	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2512	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2513	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2514	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2528	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2529	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2628	2026-02-26
https://access.redhat.com/errata/RHSA-2026:2844	2026-02-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Red Hat Search vendor "Red Hat"		Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Aus Search vendor "Redhat" for product "Rhel Aus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel E4s Search vendor "Redhat" for product "Rhel E4s"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Long Life Search vendor "Redhat" for product "Rhel Eus Long Life"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Tus Search vendor "Redhat" for product "Rhel Tus"				*		-		Affected
Alibabacloud Search vendor "Alibabacloud"		Alibaba Cloud Linux 3 Search vendor "Alibabacloud" for product "Alibaba Cloud Linux 3"				*		-		Affected
Alma Search vendor "Alma"		Linux Search vendor "Alma" for product "Linux"				*		-		Affected
Amazon Search vendor "Amazon"		Linux Search vendor "Amazon" for product "Linux"				*		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				*		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				*		-		Affected
Miracle Search vendor "Miracle"		Linux Search vendor "Miracle" for product "Linux"				*		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				*		-		Affected
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Aus Search vendor "Redhat" for product "Rhel Aus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel E4s Search vendor "Redhat" for product "Rhel E4s"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Els Search vendor "Redhat" for product "Rhel Els"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Long Life Search vendor "Redhat" for product "Rhel Eus Long Life"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Tus Search vendor "Redhat" for product "Rhel Tus"				*		-		Affected
Rocky Search vendor "Rocky"		Linux Search vendor "Rocky" for product "Linux"				*		-		Affected
Suse Search vendor "Suse"		Sle-module-basesystem Search vendor "Suse" for product "Sle-module-basesystem"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc Search vendor "Suse" for product "Sle Hpc"				*		-		Affected
Suse Search vendor "Suse"		Sled Search vendor "Suse" for product "Sled"				*		-		Affected
Suse Search vendor "Suse"		Sles-ltss-extended-security Search vendor "Suse" for product "Sles-ltss-extended-security"				*		-		Affected
Suse Search vendor "Suse"		Sles-ltss Search vendor "Suse" for product "Sles-ltss"				*		-		Affected
Suse Search vendor "Suse"		Sles Search vendor "Suse" for product "Sles"				*		-		Affected
Suse Search vendor "Suse"		Sles Sap Search vendor "Suse" for product "Sles Sap"				*		-		Affected