PT-2026-2637 · Gnome+1 · Libsoup3+2

Published: 2025-10-29 · Updated: 2026-05-15 · CVE-2026-0716

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions

libsoup2.4, libsoup3 (affected versions not specified)

Description

A flaw exists in libsoup’s WebSocket frame processing when handling incoming messages. When the maximum incoming payload size is not set to a default value, the library may read memory outside the intended bounds, potentially leading to memory exposure or a crash. Applications utilizing libsoup’s WebSocket support with this configuration may be affected.

Recommendations

Set the max incoming payload size parameter to a value greater than 0. Update libsoup to the latest available version.

Related Identifiers

AZL-74640
AZL-74643
BDU:2026-04955
CVE-2026-0716
ECHO-14E3-A93D-99BA
OESA-2026-2337
OESA-2026-2338
OESA-2026-2339
OPENSUSE-SU-2026:10040-1
OPENSUSE-SU-2026:10166-1
OPENSUSE-SU-2026:20142-1
OPENSUSE-SU-2026:20354-1
SUSE-SU-2026:0211-1
SUSE-SU-2026:0257-1
SUSE-SU-2026:0418-1
SUSE-SU-2026:0497-1
SUSE-SU-2026:0574-1
SUSE-SU-2026:0703-1
SUSE-SU-2026:0847-1
SUSE-SU-2026:0886-1
SUSE-SU-2026:0894-1
SUSE-SU-2026:1004-1
SUSE-SU-2026:1178-1
SUSE-SU-2026:1179-1
SUSE-SU-2026:20205-1
SUSE-SU-2026:20212-1
SUSE-SU-2026:20245-1
SUSE-SU-2026:20360-1
SUSE-SU-2026:20737-1

Affected Products

Debian
Libsoup2.4
Libsoup3