CVE-2026-1761

NameCVE-2026-1761
DescriptionA flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1126877

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libsoup2.4 (PTS)bullseye2.72.0-2vulnerable
bullseye (security)2.72.0-2+deb11u3vulnerable
bookworm2.74.3-1+deb12u1vulnerable
trixie2.74.3-10.1vulnerable
libsoup3 (PTS)bookworm3.2.3-0+deb12u2vulnerable
trixie3.6.5-3vulnerable
forky3.6.5-7vulnerable
sid3.6.5-9fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libsoup2.4source(unstable)(unfixed)
libsoup3source(unstable)3.6.5-81126877

Notes

[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
[trixie] - libsoup2.4 <no-dsa> (Minor issue)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
https://gitlab.gnome.org/GNOME/libsoup/-/issues/493
Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/cfa9d90d1a5c274233554a264c56551c13d6a6f0
Search for package or bug name: Reporting problems