CVE-2026-0716 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-0716 PUBLISHED CVSS 4.800000190734863 MEDIUM

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup’s WebSocket support with this configuration may be impacted.

EPSS 0.05% · 17.2th percentile

Risk Scores

CVSS v3.1

4.800000190734863

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS Score

0.05%

17.2th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 8
Red Hat	Red Hat Enterprise Linux 6
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 9
Red Hat	Red Hat Enterprise Linux 10

Timeline

Jan 8, 2026 CVE ID Reserved
Jan 13, 2026 CVE Published
Jan 14, 2026 EPSS Score
Jan 14, 2026 PoC Published
Jan 14, 2026 CVE Updated
Jan 14, 2026 PoC Published
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score

References

Open in Interactive Console →