CVE-2026-0719: Stack-based Buffer Overflow in Red Hat Enterprise Linux 10
Description
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
AI Analysis
Technical Summary
CVE-2026-0719 identifies a stack-based buffer overflow vulnerability within the NTLM authentication module of libsoup, a GNOME HTTP client/server library, as used in Red Hat Enterprise Linux 10. The vulnerability specifically resides in the md4sum() function, which is responsible for computing MD4 hashes during NTLM authentication processes. When NTLM authentication is enabled, a local attacker with limited privileges can exploit this flaw by providing crafted input that overflows a stack buffer, overwriting adjacent memory. This memory corruption can lead to arbitrary code execution under the context of the affected application, potentially escalating privileges or compromising system integrity. The vulnerability requires local access and does not need user interaction, making it a direct threat to systems where NTLM authentication is active. The CVSS v3.1 base score of 7.8 reflects high severity, with metrics indicating low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the widespread use of Red Hat Enterprise Linux in enterprise environments. The absence of linked patches suggests that remediation is pending, emphasizing the need for immediate risk mitigation. The flaw’s exploitation could allow attackers to execute arbitrary code, potentially leading to full system compromise, data breaches, or disruption of critical services.
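The integer-size hazard that the description and the technical summary above describe, as an added example written for this page from a defender's point of view; it is not libsoup's md4sum() and not Red Hat code. It isolates the pattern "length narrowed to a signed int, padded size computed from it, buffer sized and copied from that" and places the hardened form beside it: the size stays in size_t, the sum is checked for wrap before any allocation, and the password length is capped before hashing. MAX_PASSWORD_UTF16_BYTES and all function names are assumptions made up for the example; the padding rule (one 0x80 byte, zeros up to 56 mod 64, then an 8-byte little-endian bit count) is standard MD4 as specified in RFC 1320.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on the UTF-16LE password bytes a client will hash for
 * NTLM. Constructed for this example; it is not a libsoup constant. */
#define MAX_PASSWORD_UTF16_BYTES 2048u

/* The hazard the advisory describes, isolated: a size_t length narrowed to
 * a 32-bit signed int. Anything at or above 2^31 bytes comes out negative,
 * and any buffer sized from that value is wrong. Converting an out-of-range
 * value is implementation-defined (not undefined) and wraps on every
 * mainstream ABI, so this function only reports the narrowed value; nothing
 * here allocates from it. */
static int32_t narrowed_length(size_t nbytes)
{
    return (int32_t)(uint32_t)nbytes;
}

/* Hardened size computation for an MD4 (RFC 1320) padded message: the
 * message, at least one pad byte (0x80 then zeros) up to 56 mod 64, then an
 * 8-byte bit-length field. Stays in size_t and refuses lengths for which
 * the sum would wrap instead of letting the allocation size go wrong. */
static bool md4_padded_size(size_t nbytes, size_t *out)
{
    /* Worst case adds 64 pad bytes + 8 length bytes. */
    if (nbytes > SIZE_MAX - 72)
        return false;
    size_t pbytes = 64 - ((nbytes + 8) % 64);   /* always 1..64 */
    *out = nbytes + pbytes + 8;
    return true;
}

/* Policy check to run before hashing a password: bound the input so the
 * padded size is known to fit and never gets anywhere near an int. */
static bool password_length_ok(size_t utf16_bytes, size_t *padded)
{
    if (utf16_bytes > MAX_PASSWORD_UTF16_BYTES)
        return false;
    if (utf16_bytes > (size_t)INT_MAX)   /* redundant under the cap; documents the narrowing hazard */
        return false;
    return md4_padded_size(utf16_bytes, padded);
}

/* Build the padded message on the heap with a bounded copy instead of a
 * stack buffer sized from untrusted input. The caller owns the returned
 * buffer; NULL means the input was rejected or allocation failed. */
static unsigned char *md4_pad_message(const unsigned char *in, size_t nbytes,
                                      size_t *out_len)
{
    size_t total;
    if (!password_length_ok(nbytes, &total))
        return NULL;
    unsigned char *m = calloc(total, 1);   /* zero-filled: the pad zeros come for free */
    if (m == NULL)
        return NULL;
    memcpy(m, in, nbytes);                 /* nbytes < total is guaranteed above */
    m[nbytes] = 0x80;
    uint64_t bits = (uint64_t)nbytes * 8;  /* 64-bit arithmetic, cannot wrap for a capped input */
    for (int i = 0; i < 8; i++)
        m[total - 8 + i] = (unsigned char)(bits >> (8 * i));   /* little-endian length */
    *out_len = total;
    return m;
}

int main(void)
{
    size_t padded;
    /* Constructed inputs: a normal password length and the pathological one. */
    printf("100 bytes -> padded size %zu\n", md4_padded_size(100, &padded) ? padded : 0);
    printf("2^31 bytes narrowed to int -> %ld\n", (long)narrowed_length((size_t)0x80000000u));
    unsigned char *m = md4_pad_message((const unsigned char *)"abc", 3, &padded);
    if (m != NULL) {
        printf("\"abc\" padded to %zu bytes, pad byte 0x%02x, bit length %u\n",
               padded, m[3], m[56]);
        free(m);
    }
    printf("oversized password accepted? %s\n",
           password_length_ok(MAX_PASSWORD_UTF16_BYTES + 1, &padded) ? "yes" : "no");
    return 0;
}
```

Build with `cc -std=c11 -Wall md4_pad.c` and run it. The example deliberately does not carry the wrapped value into an allocation and copy, because doing so is undefined behaviour and teaches nothing a defender needs: the point is the pair of checks (a length cap applied before hashing, and a size_t sum checked for wrap before the buffer is sized) and the move from a stack buffer sized by input to a bounded heap allocation.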
Potential Impact
For European organizations, this vulnerability presents a substantial risk, particularly for those relying on Red Hat Enterprise Linux 10 in critical infrastructure, government, finance, and enterprise IT environments. Exploitation could lead to unauthorized code execution, enabling attackers to escalate privileges, access sensitive data, or disrupt services. Given the local access requirement, insider threats or attackers who have gained initial footholds could leverage this vulnerability to deepen their control over systems. The high impact on confidentiality, integrity, and availability could result in data breaches, operational downtime, and loss of trust. Organizations using NTLM authentication in mixed Windows/Linux environments may be particularly vulnerable, as NTLM is often used for legacy authentication compatibility. The lack of current exploits provides a window for proactive mitigation, but the absence of patches increases urgency for risk management. Failure to address this vulnerability could expose European entities to espionage, sabotage, or ransomware attacks, especially in sectors with high-value targets.
Mitigation Recommendations
1. Immediately audit and identify systems running Red Hat Enterprise Linux 10 with NTLM authentication enabled.
2. Disable NTLM authentication where feasible, replacing it with more secure authentication mechanisms such as Kerberos or modern OAuth-based protocols.
3. Restrict local access to trusted administrators and users to minimize the risk of exploitation by local attackers.
4. Monitor system logs and authentication attempts for unusual activity indicative of exploitation attempts.
5. Apply vendor patches promptly once they are released by Red Hat; subscribe to Red Hat security advisories for updates.
6. Employ application whitelisting and runtime protection tools to detect and prevent arbitrary code execution.
7. Conduct regular vulnerability scans and penetration tests focusing on authentication modules and local privilege escalation vectors.
8. Educate system administrators on the risks of enabling legacy authentication protocols and the importance of patch management.
9. Implement strict access controls and segmentation to limit the impact of a compromised system.
10. Prepare incident response plans specifically addressing local privilege escalation and code execution scenarios.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2026-01-08T12:12:33.130Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 695fab8ac901b06321eb968c
Added to database: 1/8/2026, 1:05:14 PM
Last enriched: 1/8/2026, 1:19:36 PM
Last updated: 1/9/2026, 8:08:08 AM