CVE-2026-0719
Stack-Based Buffer Overflow in Libsoup NTLM Enables Code Execution
Publication date: 2026-01-08
Last updated on: 2026-02-17
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnome | libsoup | up to 3.2.4 (exclusive; 3.2.4 is the fixed release) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the md4sum() function of libsoup's NTLM authentication module. When NTLM authentication is enabled, insufficient bounds checking on stack-allocated buffers allows a local attacker to overwrite adjacent memory. This can lead to arbitrary code execution with the privileges of the affected application. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can allow a local attacker to execute arbitrary code with the same privileges as the affected application. This could lead to unauthorized actions, data compromise, or system instability on Linux systems running vulnerable versions of libsoup, especially since several common components enable NTLM authentication by default, increasing exposure. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying whether vulnerable versions of libsoup with NTLM authentication enabled are present on the system. Since the vulnerability is local and lies in the md4sum() function of libsoup's NTLM module, you can check for installed libsoup packages and their versions. For example, on a Linux system, use commands such as `rpm -qa | grep libsoup` or `dpkg -l | grep libsoup` to find installed versions. Additionally, check whether applications that use libsoup (such as WebKit, Evolution, GVfs and gnome-online-accounts) have NTLM authentication enabled. No commands for detecting exploitation attempts or for network-based detection are provided, since this is a local vulnerability. [1]
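The answer above stops at listing installed libsoup packages; the remaining step is comparing each installed version against the fixed release. The following POSIX shell script is an added example and is not part of the page or of the libsoup project. It takes the threshold 3.2.4 from the affected-range table on this page, queries whichever of `dpkg-query` or `rpm` is present (the `libsoup*` package-name pattern and the `--live` flag are assumptions of the example), and strips epochs and distribution suffixes before a numeric dotted-version comparison. Without `--live` it runs over a constructed sample inventory so it can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the page): flag installed libsoup packages whose
# upstream version is below the fixed release named on this page.
FIXED_VERSION="3.2.4"

# version_lt A B: return 0 (true) when dotted version A sorts below B.
# Strips a Debian/RPM epoch ("1:") and any distro suffix ("-1ubuntu2",
# "+dfsg", "~rc1") so that only the upstream part is compared numerically.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/^[0-9]+:/, "", a); sub(/^[0-9]+:/, "", b)
        sub(/[-+~].*/, "", a);  sub(/[-+~].*/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# flag_vulnerable: read "package version" lines on stdin and print one
# verdict per line. The page gives the affected range as everything below
# 3.2.4, so 2.x builds are flagged as well; a distribution that backported
# the fix will keep an older version string, so confirm against its advisory.
flag_vulnerable() {
    while read -r pkg ver; do
        [ -n "$pkg" ] || continue
        if version_lt "$ver" "$FIXED_VERSION"; then
            echo "VULNERABLE $pkg $ver (fixed in $FIXED_VERSION)"
        else
            echo "ok $pkg $ver"
        fi
    done
}

# list_libsoup: emit "package version" lines from whichever package manager
# exists on this host (assumed package-name pattern: libsoup*).
list_libsoup() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n' 'libsoup*' 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qa --qf '%{NAME} %{VERSION}\n' 'libsoup*' 2>/dev/null
    fi
}

# Constructed sample inventory (not from a real system) so the check can be
# run offline; pass --live to query the local package manager instead.
SAMPLE_INVENTORY='libsoup-3.0-0 3.2.2-1
libsoup2.4-1 2.74.3-1
libsoup-3.0-0 1:3.2.4-2'

if [ "${1:-}" = "--live" ]; then
    list_libsoup | flag_vulnerable
else
    printf '%s\n' "$SAMPLE_INVENTORY" | flag_vulnerable
fi
```

The comparison is deliberately upstream-only: distributions often ship the fix as a patch on top of an older version string, so a VULNERABLE line here means "check the vendor advisory for this package", not a confirmed exposure. Whether NTLM is actually enabled in the consuming application still has to be checked separately, as the answer above notes.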
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating libsoup to a patched version that fixes the stack-based buffer overflow in the md4sum() function. Since the vulnerability arises when NTLM authentication is enabled, disabling NTLM authentication in affected applications (such as WebKit, Evolution, GVfs, and gnome-online-accounts) can reduce exposure. Applying security updates from your Linux distribution vendor that address this issue is recommended to prevent exploitation. [1]