CVE-2026-4271
Use-After-Free in libsoup HTTP/2 Server Causes DoS
Publication date: 2026-03-17
Last updated on: 2026-03-19
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| gnome | libsoup | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4271 is a Use-After-Free vulnerability found in the HTTP/2 server implementation of the libsoup HTTP library. It occurs in the function on_frame_recv_callback() when processing HTTP/2 frames, particularly during header handling.
During this process, an internal callback counter is incremented and signals like soup_server_message_got_headers() are emitted. If a user-defined signal handler disconnects the client connection during this callbackβsuch as when authentication failsβthe associated SoupServerMessageIOHTTP2 object may be destroyed and freed while still being referenced by the callback.
When the callback resumes, it accesses this freed memory, causing a heap use-after-free condition. This flaw can be exploited by sending specially crafted HTTP/2 requests that trigger authentication failures.
How can this vulnerability impact me? :
Exploitation of this vulnerability can cause the affected application to become unstable or crash, resulting in a Denial of Service (DoS).
Since the vulnerability is triggered by remote HTTP/2 requests, an attacker can cause service interruptions without needing local access or privileges.
This impacts all Linux systems using the vulnerable libsoup HTTP/2 server component.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for abnormal application crashes or instability in services using the libsoup HTTP/2 server component, especially when processing HTTP/2 requests.
Since the flaw is triggered by specially crafted HTTP/2 requests causing authentication failures, network detection could involve capturing and analyzing HTTP/2 traffic for unusual or malformed headers that lead to authentication errors.
Specific commands to detect this vulnerability are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not explicitly detailed in the provided resources.
However, general best practices would include updating the libsoup library to a patched version once available, restricting or filtering HTTP/2 traffic from untrusted sources, and monitoring application logs for crashes related to HTTP/2 request handling.