CVE-2026-4271

Summary

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:3.6.5-3.el10_1.11 < *unaffected
Red HatRed Hat Enterprise Linux 100:3.6.5-3.el10_2.11 < *unaffected
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support0:3.6.5-3.el10_0.15 < *unaffected

Weaknesses

  • CWE-416: Use After Free

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References