CVE-2026-1761

8.6 HIGH

Published: February 02, 2026 Modified: March 19, 2026

Description

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:1948

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2005

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2006

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2007

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2008

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2049

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2182

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2214

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2215

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2216

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2396

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2402

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2410

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2512

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2513

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2514

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2528

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2529

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2628

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:2844

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2026-1761

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2435961

Source: secalert@redhat.com

https://gitlab.gnome.org/GNOME/libsoup/-/issues/493

Source: secalert@redhat.com

23 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.6 / 10.0

EPSS (Exploit Probability)

1.4%

80th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-121

Related CVEs

CVE-2026-4555 8.8

CVE-2026-4554 6.3

CVE-2026-33319 5.9

CVE-2026-33296 N/A

CVE-2026-33295 N/A