CVE-2026-1761
Stack-Based Buffer Overflow in Libsoup Enables Remote Code Execution
Publication date: 2026-02-02
Last updated on: 2026-03-19
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnome | libsoup | up to 3.2.4 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1761 is a stack-based buffer overflow vulnerability in libsoup that occurs during the parsing of multipart HTTP responses. The flaw is due to an incorrect length calculation in the function soup_filter_input_stream_read_until(), which causes more data to be copied than the buffer can hold. This leads to memory corruption when processing specially crafted multipart HTTP responses. [1]
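The bug class described above, as an added illustration: a copy length derived from where the boundary sits in buffered data, with no reference to the destination size, beside a bounded form. This is not libsoup's code; the struct, the function names and the sample input are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of a buffered stream; not libsoup's data structure. */
struct filter_buf {
    const unsigned char *data; /* bytes already read from the network */
    size_t len;                /* number of valid bytes in data */
};

/* Offset just past the first occurrence of boundary, or 0 if absent. */
static size_t end_of_boundary(const struct filter_buf *fb,
                              const unsigned char *boundary, size_t blen)
{
    if (blen == 0 || fb->len < blen)
        return 0;
    for (size_t i = 0; i + blen <= fb->len; i++)
        if (memcmp(fb->data + i, boundary, blen) == 0)
            return i + blen;
    return 0;
}

/* Flawed pattern: the length depends only on the buffered data, so it can
 * exceed the caller's buffer. Returns the length that would be copied;
 * it performs no copy itself. */
size_t unchecked_copy_len(const struct filter_buf *fb,
                          const unsigned char *boundary, size_t blen)
{
    size_t end = end_of_boundary(fb, boundary, blen);
    return end ? end : fb->len;
}

/* Hardened pattern: clamp to the destination size before memcpy and
 * report whether a complete boundary was delivered to the caller. */
size_t bounded_read_until(const struct filter_buf *fb,
                          unsigned char *out, size_t out_len,
                          const unsigned char *boundary, size_t blen,
                          int *got_boundary)
{
    size_t want = unchecked_copy_len(fb, boundary, blen);
    size_t n = want <= out_len ? want : out_len;
    *got_boundary = (n == want) && end_of_boundary(fb, boundary, blen) != 0;
    if (n > 0)
        memcpy(out, fb->data, n);
    return n;
}
```

With a 16-byte stack buffer and 37 buffered bytes ending in the boundary, the unchecked length is 37 while the bounded call copies 16 and reports that the boundary has not yet been delivered.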
How can this vulnerability impact me?
This vulnerability can lead to application crashes or allow an attacker to execute arbitrary code remotely. It affects applications that process untrusted server responses using libsoup, and exploitation does not require authentication or user interaction. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update libsoup to a patched version that fixes the stack-based buffer overflow in multipart HTTP response parsing. Avoid processing untrusted multipart HTTP responses with vulnerable versions of libsoup until an update is applied. Monitoring for updates from your Linux distribution or libsoup maintainers and applying security patches promptly is recommended. [1]