Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
GNOME-based systems' HTTP library allows unauthorized access to memory
CVE-2026-2443
Summary
A bug in the HTTP library used by GNOME-based systems can allow a remote attacker to access sensitive information from a server's memory. This requires a specific server configuration and access to the server, which reduces the risk. To mitigate this issue, update your GNOME-based system's HTTP library to the latest version.
Original title
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges....
Original description
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
nvd CVSS3.1
5.3
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026