CVE-2026-2443

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions libsoup (affected versions not specified)

Description A flaw exists in libsoup, an HTTP library used in GNOME-based systems. Improper validation of HTTP Range headers when processing specially crafted requests can lead to out-of-bounds read access to server memory in certain configurations. Exploitation requires a vulnerable configuration and access to a server utilizing the embedded SoupServer component. The vulnerable function is handle partial get().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

AZL-77889

AZL-77894

BDU:2026-04953

CVE-2026-2443

OESA-2026-1684

OPENSUSE-SU-2026:10208-1

OPENSUSE-SU-2026:10209-1

OPENSUSE-SU-2026:20354-1

OPENSUSE-SU-2026:20384-1

SUSE-SU-2026:0657-1

SUSE-SU-2026:0658-1

SUSE-SU-2026:0689-1

SUSE-SU-2026:0690-1

SUSE-SU-2026:0703-1

SUSE-SU-2026:0834-1

SUSE-SU-2026:20529-1

SUSE-SU-2026:20649-1

SUSE-SU-2026:20752-1

SUSE-SU-2026:20902-1

Affected Products

Libsoup

CVE-2026-2443

Weakness Enumeration

Related Identifiers

Affected Products

References · 72