CVE-2026-2369: Integer Underflow (Wrap or Wraparound) in Red Hat Red Hat Enterprise Linux 10
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
AI Analysis
Technical Summary
An integer underflow vulnerability exists in the libsoup library used by Red Hat Enterprise Linux 10. This occurs during processing of content with a zero-length resource, leading to a buffer overread condition. The vulnerability could be exploited remotely without privileges or user interaction, potentially allowing information disclosure or denial of service at the application level. The CVSS 3.1 base score is 6.5 (medium severity), with attack vector network, low attack complexity, no privileges required, no user interaction, and impact limited to confidentiality and availability.
Potential Impact
Successful exploitation may allow an attacker to read beyond buffer boundaries, potentially exposing sensitive information or causing an application to crash, resulting in denial of service. There is no indication of integrity impact. No known exploits are reported in the wild, reducing immediate risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-2369 for current remediation guidance. No explicit patch or workaround information is provided in the available advisory content. Users should monitor the vendor advisory for updates and apply official fixes once available.
CVE-2026-2369: Integer Underflow (Wrap or Wraparound) in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An integer underflow vulnerability exists in the libsoup library used by Red Hat Enterprise Linux 10. This occurs during processing of content with a zero-length resource, leading to a buffer overread condition. The vulnerability could be exploited remotely without privileges or user interaction, potentially allowing information disclosure or denial of service at the application level. The CVSS 3.1 base score is 6.5 (medium severity), with attack vector network, low attack complexity, no privileges required, no user interaction, and impact limited to confidentiality and availability.
Potential Impact
Successful exploitation may allow an attacker to read beyond buffer boundaries, potentially exposing sensitive information or causing an application to crash, resulting in denial of service. There is no indication of integrity impact. No known exploits are reported in the wild, reducing immediate risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-2369 for current remediation guidance. No explicit patch or workaround information is provided in the available advisory content. Users should monitor the vendor advisory for updates and apply official fixes once available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-02-11T20:31:34.894Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-2369","vendor":"Red Hat"}]
Threat ID: 69bc0a99e32a4fbe5fcbe405
Added to database: 3/19/2026, 2:39:21 PM
Last enriched: 4/29/2026, 3:58:07 AM
Last updated: 5/3/2026, 1:04:08 AM
Views: 89
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.