DEBIAN-CVE-2026-2443
PUBLISHED
CVSS 5.3 MEDIUM
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
Risk Scores
CVSS v3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | libsoup3 | 3.6.5-8, 3.6.5-7, 3.6.5-6 |
| Debian:11 | libsoup2.4 | 2.74.2-2, 2.74.2-1, 2.74.1-1 |
| Debian:12 | libsoup2.4 | 2.74.3-10.1, 0, 2.74.3-1 |
| Debian:13 | libsoup2.4 | 2.74.3-11, 2.74.3-10.1, 0 |
| Debian:14 | libsoup3 | 3.6.5-6, 3.6.5-7, 3.6.5-8 |
| Debian:12 | libsoup3 | 3.4.4-5, 3.4.4-4, 3.4.4-3 |
Timeline
- Feb 13, 2026 CVE Published
- Apr 28, 2026 CVE Updated