CVE-2026-1761
PUBLISHED
CVSS 8.6 HIGH
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
EPSS 1.17% · 79.0th percentile
Risk Scores
CVSS v3.1
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
EPSS Score
1.17%
79.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | *, 0:2.62.3-2.el8_6.8 |
| Red Hat | Red Hat OpenShift Dev Spaces (RHOSDS) 3.26 | *, * |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:2.72.0-10.el9_6.6, 0:2.72.0-10.el9_6.6 |
| Red Hat | Red Hat OpenShift Dev Spaces (RHOSDS) 3.26 | sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e, * |
| Red Hat | Red Hat Enterprise Linux 8 | 0:8.10-7, 0:8.10-7 |
| Red Hat | Red Hat Enterprise Linux 10 | 0:3.6.5-3.el10_1.10, *, 0:3.6.5-3.el10_1.9 |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:8.10-7.el8_6.1, 0:8.10-7.el8_6.1 |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:2.72.0-8.el9_2.10, 0:2.72.0-8.el9_2.10 |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:2.62.3-2.el8_4.8, * |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 0:2.62.3-1.el8_2.8, 0:2.62.3-1.el8_2.8 |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:8.10-7.el8_6.1, * |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:2.72.0-8.el9_4.9, 0:2.72.0-8.el9_4.9 |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:2.62.3-2.el8_6.8, 0:2.62.3-2.el8_6.8 |
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.62.3-13.el8_10, 0:2.62.3-13.el8_10, 0:2.62.3-13.el8_10 |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:8.10-7.el8_4.1, 0:8.10-7.el8_4.1 |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:8.10-7.el8_8.1, 0:8.10-7.el8_8.1 |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:2.62.3-3.el8_8.8, 0:2.62.3-3.el8_8.8 |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:8.10-7.el8_8.1, 0:8.10-7.el8_8.1 |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | *, * |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:3.6.5-3.el10_0.14, 0:3.6.5-3.el10_0.14 |
…and 10 more
Timeline
- Feb 2, 2026 CVE Published
- Feb 2, 2026 PoC Published
- Feb 3, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 10, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 19, 2026 EPSS Score
- Feb 21, 2026 EPSS Score
References
- RHSA-2026:1948 vendor-advisory
- RHSA-2026:2005 vendor-advisory
- RHSA-2026:2006 vendor-advisory
- RHSA-2026:2007 vendor-advisory
- RHSA-2026:2008 vendor-advisory
- RHSA-2026:2049 vendor-advisory
- RHSA-2026:2182 vendor-advisory
- RHSA-2026:2214 vendor-advisory
- RHSA-2026:2215 vendor-advisory
- RHSA-2026:2216 vendor-advisory
- RHSA-2026:2396 vendor-advisory
- RHSA-2026:2402 vendor-advisory
- RHSA-2026:2410 vendor-advisory
- RHSA-2026:2512 vendor-advisory
- RHSA-2026:2513 vendor-advisory
- RHSA-2026:2514 vendor-advisory
- RHSA-2026:2528 vendor-advisory
- RHSA-2026:2529 vendor-advisory
- RHSA-2026:2628 vendor-advisory
- RHSA-2026:2844 vendor-advisory
…and 4 more