CVE-2026-0719
Unknown Unknown - Not Provided
Stack-Based Buffer Overflow in Libsoup NTLM Enables Code Execution

Publication date: 2026-01-08

Last updated on: 2026-02-17

Assigner: Red Hat, Inc.

Description
A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0719
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnome libsoup to 3.2.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based buffer overflow in the md4sum() function of libsoup's NTLM authentication module. When NTLM authentication is enabled, insufficient bounds checking on stack-allocated buffers allows a local attacker to overwrite adjacent memory. This can lead to arbitrary code execution with the privileges of the affected application. [1]

Impact Analysis

If exploited, this vulnerability can allow a local attacker to execute arbitrary code with the same privileges as the affected application. This could lead to unauthorized actions, data compromise, or system instability on Linux systems running vulnerable versions of libsoup, especially since several common components enable NTLM authentication by default, increasing exposure. [1]

Detection Guidance

Detection involves identifying if vulnerable versions of libsoup with NTLM authentication enabled are present on the system. Since the vulnerability is local and related to the md4sum() function in libsoup's NTLM module, you can check for installed libsoup packages and their versions. For example, on a Linux system, use commands like 'rpm -qa | grep libsoup' or 'dpkg -l | grep libsoup' to find installed versions. Additionally, check if applications using libsoup (such as WebKit, Evolution, GVfs, gnome-online-accounts) have NTLM authentication enabled. There are no specific commands provided to detect exploitation attempts or network detection since this is a local vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include updating libsoup to a patched version that fixes the stack-based buffer overflow in the md4sum() function. Since the vulnerability arises when NTLM authentication is enabled, disabling NTLM authentication in affected applications (such as WebKit, Evolution, GVfs, and gnome-online-accounts) can reduce exposure. Applying security updates from your Linux distribution vendor that address this issue is recommended to prevent exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0719. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart