CVE-2026-2436

Medium CVSS: 6.5

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.

Vendor

Product

CWE

CWE-825

Yayın Tarihi

2026-03-26 20:16:11

Güncelleme

2026-03-30 13:26:50

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-825 MEDIUM 2026

Referanslar

https://access.redhat.com/security/cve/CVE-2026-2436 https://bugzilla.redhat.com/show_bug.cgi?id=2442909 https://gitlab.gnome.org/GNOME/libsoup/-/issues/501