libsoup2 (SUSE:Linux Enterprise Server 15 SP6-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 15 SP6-LTSS package libsoup2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2026-1761 — CVSS 8.6 (high): A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an…
CVE-2026-0719 — CVSS 8.6 (high): A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network…
CVE-2025-14523 — CVSS 8.2 (high): A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side…
CVE-2025-32049 — CVSS 7.5 (high): A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory…
CVE-2026-2369 — CVSS 6.5 (medium): A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a…
CVE-2026-1539 — CVSS 5.8 (medium): A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When…
CVE-2026-1467 — CVSS 5.8 (medium): A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when…
CVE-2026-1760 — CVSS 5.3 (medium): A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that…
CVE-2026-2443 — CVSS 5.3 (medium): A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers…
CVE-2026-0716 — CVSS 4.8 (medium): A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where…
CVE-2025-4476 — CVSS 4.3 (medium): A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client…
CVE-2026-2708 — CVSS 3.7 (low): A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in…