CVE-2026-0719

8.6 HIGH

📋 TL;DR

This vulnerability in libsoup's NTLM authentication handling allows attackers to cause denial-of-service crashes by sending extremely long passwords that trigger an integer overflow. Applications using libsoup for HTTP communication in GNOME and other environments are affected. The flaw results in incorrect stack memory allocation followed by unsafe copying operations.
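The bug class described above, as an added illustration (not libsoup's source and not taken from the advisory): a buffer size computed in a 32-bit int wraps for very long inputs, while the hardened version bounds the length first and allocates on the heap. The function names, the two-bytes-per-character widening, `PAD_OVERHEAD` and `MAX_SECRET_LEN` are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAD_OVERHEAD   72u    /* assumed fixed padding/trailer added to the buffer */
#define MAX_SECRET_LEN 4096u  /* assumed policy limit on password length */

/* Vulnerable pattern: the allocation size is computed in 32 bits.
 * Returns the value a stack allocation (alloca/VLA) would receive. */
int unsafe_alloc_size(size_t secret_len)
{
    /* Wraparound is modelled with unsigned math so the demo itself has no UB. */
    uint32_t wrapped = (uint32_t)secret_len * 2u + PAD_OVERHEAD;
    return (int)wrapped;  /* negative or far too small for huge inputs */
}

/* Hardened pattern: bounded length, size_t arithmetic, heap allocation.
 * Returns 0 and sets *out / *out_len on success, -1 if the input is rejected. */
int safe_expand(const char *secret, unsigned char **out, size_t *out_len)
{
    size_t n = 0;
    while (n <= MAX_SECRET_LEN && secret[n] != '\0')
        n++;
    if (n > MAX_SECRET_LEN)
        return -1;                       /* reject before any size math */
    size_t need = n * 2 + PAD_OVERHEAD;  /* cannot overflow: n <= 4096 */
    unsigned char *buf = calloc(1, need);
    if (buf == NULL)
        return -1;
    for (size_t i = 0; i < n; i++)       /* widen each byte to two bytes */
        buf[2 * i] = (unsigned char)secret[i];
    *out = buf;
    *out_len = need;
    return 0;
}

int main(void)
{
    /* Constructed lengths: a normal password and two oversized ones. */
    printf("len 16         -> %d\n", unsafe_alloc_size(16));
    printf("len 0x40000000 -> %d\n", unsafe_alloc_size((size_t)0x40000000));
    printf("len 0x7fffffff -> %d\n", unsafe_alloc_size((size_t)0x7fffffff));
    return 0;
}
```

A copy sized by the real input length into a buffer sized by the wrapped value is what produces the crash; the hardened path never reaches the size arithmetic for an oversized input.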

💻 Affected Systems

Products:
  • libsoup
  • GNOME applications using libsoup
  • Other applications using libsoup HTTP library
Versions: Specific vulnerable versions not provided in CVE description, but Red Hat advisories indicate affected versions in their ecosystem.
Operating Systems: Linux distributions using libsoup (particularly Red Hat-based systems); any OS running vulnerable libsoup versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using NTLM authentication with libsoup. Applications must be configured to use NTLM or accept NTLM authentication attempts.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial-of-service for applications using libsoup, potentially affecting system stability if critical services rely on these applications.
🟠 Likely Case: Application crashes and service disruption when malicious NTLM authentication attempts are made.
🟢 If Mitigated: Minimal impact with proper network controls and updated software.

🌐 Internet-Facing: MEDIUM - Requires NTLM authentication and specific conditions, but internet-facing services using libsoup could be targeted.
🏢 Internal Only: LOW - Internal exploitation would require attacker access to internal network and knowledge of vulnerable services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to send NTLM authentication requests with extremely long passwords to vulnerable applications. No authentication bypass - requires NTLM authentication context.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Red Hat advisories for specific patched versions

Vendor Advisory: https://access.redhat.com/errata/RHSA-2026:1948

Restart Required: Yes

Instructions:

  1. Check your distribution's security advisories.
  2. Update the libsoup package using your package manager.
  3. Restart affected applications/services.
  4. For Red Hat systems: 'yum update libsoup' or 'dnf update libsoup' followed by service restarts.

🔧 Temporary Workarounds

Disable NTLM Authentication

linux

Configure applications to disable NTLM authentication if not required

# Application-specific configuration required
# Check application documentation for NTLM disable options

Network Filtering

linux

Block NTLM authentication attempts at network perimeter

# Example iptables rule to block NTLM traffic
# (string matching only sees cleartext HTTP on port 80; it cannot inspect TLS-encrypted traffic)
# iptables -A INPUT -p tcp --dport 80 -m string --string "NTLM" --algo bm -j DROP

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy WAF or IPS rules to detect and block malicious NTLM authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check libsoup version and compare against patched versions in Red Hat advisories

Check Version:

rpm -q libsoup || dpkg -l | grep libsoup || pkg-config --modversion libsoup-3.0 || pkg-config --modversion libsoup-2.4

Verify Fix Applied:

Verify libsoup package version matches patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Failed authentication attempts with unusually long credentials
  • libsoup error messages related to memory allocation

Network Indicators:

  • Multiple NTLM authentication attempts with long password fields
  • Unusual NTLM traffic patterns

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "libsoup" OR "NTLM") AND message="*password*"
