CVE-2026-4271
Libsoup: libsoup: denial of service via use-after-free in http/2 server
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Productos afectados
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2026:15968https://access.redhat.com/errata/RHSA-2026:17482https://access.redhat.com/errata/RHSA-2026:19143https://access.redhat.com/security/cve/CVE-2026-4271https://bugzilla.redhat.com/show_bug.cgi?id=2448044https://gitlab.gnome.org/GNOME/libsoup/-/issues/496