cvedb.io
CVE-2026-2443
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2026-02-13T12:16:09.107 · Last modified 2026-06-17T10:30:57.977

Summary

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.

Affected products

gnome — libsoup

Does this affect you?

Add your gear to cvedb and we'll alert you only when gnome ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.