CVE-2026-1761
Unknown Unknown - Not Provided
Stack-Based Buffer Overflow in Libsoup Enables Remote Code Execution

Publication date: 2026-02-02

Last updated on: 2026-03-19

Assigner: Red Hat, Inc.

Description
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-02-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1761
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnome libsoup to 3.2.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1761 is a stack-based buffer overflow vulnerability in libsoup that occurs during the parsing of multipart HTTP responses. The flaw is due to an incorrect length calculation in the function soup_filter_input_stream_read_until(), which causes more data to be copied than the buffer can hold. This leads to memory corruption when processing specially crafted multipart HTTP responses. [1]

Impact Analysis

This vulnerability can lead to application crashes or allow an attacker to execute arbitrary code remotely. It affects applications that process untrusted server responses using libsoup, and exploitation does not require authentication or user interaction. [1]

Mitigation Strategies

To mitigate this vulnerability, you should update libsoup to a patched version that fixes the stack-based buffer overflow in multipart HTTP response parsing. Avoid processing untrusted multipart HTTP responses with vulnerable versions of libsoup until an update is applied. Monitoring for updates from your Linux distribution or libsoup maintainers and applying security patches promptly is recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1761. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart