Red Hat Security Advisory: libsoup security update
Two security vulnerabilities have been identified in the libsoup HTTP client and server library used in GNOME, specifically affecting Red Hat Enterprise Linux 7 Extended Lifecycle Support. The first vulnerability (CVE-2026-0719) involves a signed to unsigned conversion error that leads to a stack-based buffer overflow during NTLM authentication. The second vulnerability (CVE-2026-1761) is a stack-based buffer overflow in multipart HTTP response parsing. Red Hat has issued an important security update addressing these issues for affected versions of libsoup in RHEL 7 ELS.
AI Analysis
Technical Summary
The libsoup library versions included in Red Hat Enterprise Linux 7 Extended Lifecycle Support contain two stack-based buffer overflow vulnerabilities. CVE-2026-0719 arises from a signed to unsigned conversion error in the NTLM authentication code path, which can lead to memory corruption. CVE-2026-1761 is due to improper handling of multipart HTTP responses, resulting in a stack-based buffer overflow. These vulnerabilities are classified under CWE-121 (stack-based buffer overflow). Red Hat has released security updates to fix these issues in libsoup version 2.62.2-11.el7_9 for multiple architectures and platforms under RHEL 7 ELS.
Potential Impact
Successful exploitation of these vulnerabilities could lead to stack-based buffer overflows, potentially allowing an attacker to execute arbitrary code or cause denial of service in applications using the vulnerable libsoup library. The vulnerabilities affect HTTP client and server functionality, including NTLM authentication and multipart response parsing. The security impact is rated as Important by Red Hat, indicating a high severity level but no confirmed exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated libsoup packages (version 2.62.2-11.el7_9) for Red Hat Enterprise Linux 7 Extended Lifecycle Support that address these vulnerabilities. Users should apply these official security updates promptly to remediate the issues. For detailed update instructions, refer to Red Hat's advisory and article at https://access.redhat.com/articles/11258. No additional mitigations or workarounds are specified by Red Hat.
Red Hat Security Advisory: libsoup security update
Description
Two security vulnerabilities have been identified in the libsoup HTTP client and server library used in GNOME, specifically affecting Red Hat Enterprise Linux 7 Extended Lifecycle Support. The first vulnerability (CVE-2026-0719) involves a signed to unsigned conversion error that leads to a stack-based buffer overflow during NTLM authentication. The second vulnerability (CVE-2026-1761) is a stack-based buffer overflow in multipart HTTP response parsing. Red Hat has issued an important security update addressing these issues for affected versions of libsoup in RHEL 7 ELS.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The libsoup library versions included in Red Hat Enterprise Linux 7 Extended Lifecycle Support contain two stack-based buffer overflow vulnerabilities. CVE-2026-0719 arises from a signed to unsigned conversion error in the NTLM authentication code path, which can lead to memory corruption. CVE-2026-1761 is due to improper handling of multipart HTTP responses, resulting in a stack-based buffer overflow. These vulnerabilities are classified under CWE-121 (stack-based buffer overflow). Red Hat has released security updates to fix these issues in libsoup version 2.62.2-11.el7_9 for multiple architectures and platforms under RHEL 7 ELS.
Potential Impact
Successful exploitation of these vulnerabilities could lead to stack-based buffer overflows, potentially allowing an attacker to execute arbitrary code or cause denial of service in applications using the vulnerable libsoup library. The vulnerabilities affect HTTP client and server functionality, including NTLM authentication and multipart response parsing. The security impact is rated as Important by Red Hat, indicating a high severity level but no confirmed exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated libsoup packages (version 2.62.2-11.el7_9) for Red Hat Enterprise Linux 7 Extended Lifecycle Support that address these vulnerabilities. Users should apply these official security updates promptly to remediate the issues. For detailed update instructions, refer to Red Hat's advisory and article at https://access.redhat.com/articles/11258. No additional mitigations or workarounds are specified by Red Hat.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:2628
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-1761"]
- Cvss Version
- null
Threat ID: 6a27e9938dd33fbd8516ab97
Added to database: 6/9/2026, 10:23:15 AM
Last enriched: 6/9/2026, 10:40:48 AM
Last updated: 6/10/2026, 7:11:39 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.