The libsoup library, which provides HTTP client and server functionality for GNOME, contains two stack-based buffer overflow vulnerabilities. CVE-2026-0719 is caused by a signed to unsigned conversion error in the NTLM authentication code path, potentially allowing memory corruption. CVE-2026-1761 involves a stack-based buffer overflow during multipart HTTP response parsing. Both vulnerabilities affect libsoup packages in Red Hat Enterprise Linux 9.2 and related distributions. Red Hat has issued security updates (libsoup-2.72.0-8.el9_2.10) to fix these issues. The advisory references Red Hat Security Advisory RHSA-2026:2005 for detailed patch and remediation instructions.

Successful exploitation of these vulnerabilities could lead to stack-based buffer overflows, which may allow an attacker to cause a denial of service or potentially execute arbitrary code within the context of the affected application. The vulnerabilities affect the libsoup library used in HTTP client and server operations, including NTLM authentication and multipart response parsing. No confirmed exploits in the wild have been reported, but the impact is considered important due to the nature of buffer overflow vulnerabilities.

Red Hat has released updated libsoup packages (version 2.72.0-8.el9_2.10) that address these vulnerabilities. Users of Red Hat Enterprise Linux 9.2 and related distributions should apply the security updates as described in Red Hat Security Advisory RHSA-2026:2005 and the referenced article https://access.redhat.com/articles/11258. Applying these official patches will mitigate the vulnerabilities. There is no indication that additional mitigation steps are required beyond applying the vendor-provided updates.