PT-2026-57999 · Red Hat · Red Hat Enterprise Linux 10

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-12478

CVSS v3.1

4.8

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
The fix for CVE-2026-0716 (commit 6ff7ef0, libsoup 3.6.6) placed the integer overflow guard inside the if (masked) block, leaving unmasked server-to-client frames unprotected. A malicious WebSocket server can send a crafted unmasked frame with a payload length near UINT64 MAX to trigger an OOB read in a libsoup-based client when max incoming payload size is set to 0.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-12478

Affected Products

Red Hat Enterprise Linux 10