CVE-2026-2436
Received Received - Intake
Use-After-Free in libsoup SoupServer Causes Remote DoS

Publication date: 2026-03-26

Last updated on: 2026-04-21

Assigner: Red Hat, Inc.

Description
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2436
EUVD
EUVD-2026-16342
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
gnome libsoup *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-825 The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a use-after-free flaw in libsoup's SoupServer component. It occurs because the function soup_server_disconnect() prematurely frees connection objects even if a TLS handshake is still ongoing. Since the TLS handshake happens asynchronously, when it completes, a callback tries to access the already freed connection object, causing a crash.

Specifically, if soup_server_disconnect() is called during a pending TLS handshake (for example, during a server restart), it frees the connection objects. Later, when the handshake completes, the callback accesses these freed objects, leading to a server crash and denial of service.

Impact Analysis

This vulnerability can cause a denial of service (DoS) on servers using libsoup's SoupServer. An attacker can trigger the flaw remotely, causing the server to crash by exploiting the use-after-free condition during the TLS handshake process.

As a result, the affected server becomes unavailable, potentially disrupting services and impacting availability for legitimate users.

Detection Guidance

This vulnerability causes a denial of service by crashing the libsoup SoupServer component when a use-after-free condition occurs during the TLS handshake. Detection would involve monitoring for unexpected crashes or restarts of services using libsoup's SoupServer, especially during TLS handshakes.

Since the issue is triggered by asynchronous TLS handshakes completing after connection objects have been freed, you can look for crash logs or core dumps related to libsoup or SoupServer.

There are no specific commands provided in the resources to detect this vulnerability directly.

Mitigation Strategies

The resources do not provide explicit mitigation steps for this vulnerability.

However, general immediate mitigation for a use-after-free denial of service in libsoup's SoupServer would include avoiding restarting the server or disconnecting connections while TLS handshakes are still pending.

Applying any available patches or updates from your Linux distribution or libsoup maintainers as soon as they are released is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2436. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart