CVE-2026-4271 MEDIUM

CVE-2026-4271: Libsoup: libsoup: denial of service via use-after-free in http/2 server

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-416
Published March 17, 2026
Last update May 19, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).

Key dates

02Disclosure timeline

March 17, 2026 CVE published
May 19, 2026 Record updated