CVE-2026-2436
Use-After-Free in libsoup SoupServer Causes Remote DoS
Publication date: 2026-03-26
Last updated on: 2026-04-21
Assigner: Red Hat, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| gnome | libsoup | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-825 | The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a use-after-free flaw in libsoup's SoupServer component. It occurs because the function soup_server_disconnect() prematurely frees connection objects even if a TLS handshake is still ongoing. Since the TLS handshake happens asynchronously, when it completes, a callback tries to access the already freed connection object, causing a crash.
Specifically, if soup_server_disconnect() is called during a pending TLS handshake (for example, during a server restart), it frees the connection objects. Later, when the handshake completes, the callback accesses these freed objects, leading to a server crash and denial of service.
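The ordering problem described above (a disconnect freeing a connection while an asynchronous handshake still holds a pointer to it) and the usual defensive pattern against it are modelled below in an added example. This is hypothetical code written for this page, not libsoup's own: the names conn_t, handshake_start, server_disconnect and handshake_done_cb are assumptions, and the reference-counting scheme stands in for whatever the upstream fix does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

/* Hypothetical model of a server-side connection whose TLS handshake
 * completes asynchronously. Not libsoup code; names are assumed. */
typedef struct {
    int refcount;
    bool closed;   /* set by disconnect; the completion callback checks it */
    int id;
} conn_t;

static int freed_count = 0;   /* instrumentation so a test can observe frees */

static conn_t *conn_new(int id) {
    conn_t *c = calloc(1, sizeof *c);
    c->refcount = 1;          /* the server's own reference */
    c->id = id;
    return c;
}
static conn_t *conn_ref(conn_t *c) { c->refcount++; return c; }
static void conn_unref(conn_t *c) {
    if (--c->refcount == 0) { freed_count++; free(c); }
}

/* Starting the handshake takes an extra reference owned by the pending
 * operation, so a later disconnect cannot free the object underneath it. */
static conn_t *handshake_start(conn_t *c) { return conn_ref(c); }

/* Called on server restart/shutdown: marks the connection closed and drops
 * only the server's reference instead of destroying the object outright. */
static void server_disconnect(conn_t *c) {
    c->closed = true;
    conn_unref(c);
}

/* Runs when the handshake finishes. Returns 1 if the connection is still
 * usable, 0 if it was closed in the meantime; either way the access is
 * to live memory because the callback still holds its reference. */
static int handshake_done_cb(conn_t *c) {
    int usable = !c->closed;
    if (usable) printf("conn %d ready\n", c->id);
    conn_unref(c);   /* release the reference taken in handshake_start */
    return usable;
}

/* Scenario from the advisory: disconnect while a handshake is pending.
 * Returns 1 when the object outlived the disconnect and was freed exactly
 * once, after the callback ran. */
static int run_scenario(void) {
    freed_count = 0;
    conn_t *c = conn_new(1);
    conn_t *pending = handshake_start(c);
    server_disconnect(c);                    /* refcount 2 -> 1, not freed */
    int usable = handshake_done_cb(pending); /* safe access, then freed */
    return usable == 0 && freed_count == 1;
}
```

Built with -fsanitize=address, the same scenario with the extra reference removed from handshake_start reports a heap-use-after-free in handshake_done_cb, which is the crash signature the detection advice below refers to.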
How can this vulnerability impact me?
This vulnerability can cause a denial of service (DoS) on servers using libsoup's SoupServer. An attacker can trigger the flaw remotely, causing the server to crash by exploiting the use-after-free condition during the TLS handshake process.
As a result, the affected server becomes unavailable, potentially disrupting services and impacting availability for legitimate users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes a denial of service by crashing the libsoup SoupServer component when a use-after-free condition occurs during the TLS handshake. Detection would involve monitoring for unexpected crashes or restarts of services using libsoup's SoupServer, especially during TLS handshakes.
Since the issue is triggered by asynchronous TLS handshakes completing after connection objects have been freed, you can look for crash logs or core dumps related to libsoup or SoupServer.
There are no specific commands provided in the resources to detect this vulnerability directly.
What immediate steps should I take to mitigate this vulnerability?
The resources do not provide explicit mitigation steps for this vulnerability.
However, general immediate mitigation for a use-after-free denial of service in libsoup's SoupServer would include avoiding restarting the server or disconnecting connections while TLS handshakes are still pending.
Applying any available patches or updates from your Linux distribution or libsoup maintainers as soon as they are released is recommended.