CVE-2026-4271

🔶 medium

Summary

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).

CVSS Score

5.3

Medium

EPSS Score

1.0

Exploit Probability

Published Date

2026-03-17

First Seen: 2026-03-18

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.8% of all 318,332 vulnerabilities in our database.

#255,199

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Mar 17, 2026

🔍 Exploitation Status

Poc

Proof-of-concept available

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

Red Hat would like to thank fouzhe for reporting this issue.

SSVC data provided by CISA

Last Modified 2026-03-19

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE IDs (Weakness Types)

CWE-416

📦 Affected Products 6

Vendor	Product	Status	Affected Versions
redhat	enterprise_linux	Affected	v10.0
redhat	enterprise_linux	Affected	v6.0
redhat	enterprise_linux	Affected	v7.0
redhat	enterprise_linux	Affected	v8.0
redhat	enterprise_linux	Affected	v9.0
gnome	libsoup	Affected	v-

🔗 References 3

https://access.redhat.com/security/cve/CVE-2026-4271

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2448044

Issue Tracking Vendor Advisory

https://gitlab.gnome.org/GNOME/libsoup/-/issues/496

Exploit Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-4647	🔶 medium	6.1	0.0	A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files...	2026-03-23
CVE-2026-3632	ℹ️ low	3.9	0.1	A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because ...	2026-03-17
CVE-2026-3633	ℹ️ low	3.9	0.0	A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function...	2026-03-17
CVE-2026-3634	ℹ️ low	3.9	0.0	A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage...	2026-03-17
CVE-2026-3441	🔶 medium	6.1	0.0	A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t...	2026-03-16
CVE-2026-3442	🔶 medium	6.1	0.0	A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, ...	2026-03-16

These CVEs affect the same products