VDB
CVE-2026-0716
CVE-2026-0716
PUBLISHED
CVSS 4.800000190734863 MEDIUM
A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup’s WebSocket support with this configuration may be impacted.
EPSS 0.07% · 21.9th percentile
Risk Scores
CVSS 3.1
4.800000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS Score
0.07%
21.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 10 |
Exploit Intelligence
- CIRCL seen: CVE-2026-0716 (circl-sighting)
- CIRCL seen: CVE-2026-0716 (circl-sighting)
- https://access.redhat.com/security/cve/CVE-2026-0716 (circl)
- RHBZ#2427896 (circl)
- https://gitlab.gnome.org/GNOME/libsoup/-/issues/476 (circl)
- websocket-test.c (github-poc)
- ghost_report_20260112_192608.json (github-poc)
- websocket-test.c (github-poc)
- websocket-test.c (github-poc)
- websocket-test.c (github-poc)
…and 31 more exploits
Timeline
- Jan 8, 2026 CVE ID Reserved
- Jan 13, 2026 CVE Published
- Jan 14, 2026 EPSS Score
- Jan 14, 2026 PoC Published
- Jan 14, 2026 CVE Updated
- Jan 14, 2026 PoC Published
- Jan 17, 2026 EPSS Score
- Jan 20, 2026 EPSS Score
- Jan 23, 2026 EPSS Score
- Jan 26, 2026 EPSS Score
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score