libsoup (SUSE:Linux Micro 6.2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Micro 6.2 package libsoup, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2026-0719 — CVSS 8.6 (high): A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network…
CVE-2026-1761 — CVSS 8.6 (high): A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an…
CVE-2025-14523 — CVSS 8.2 (high): A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side…
CVE-2025-32049 — CVSS 7.5 (high): A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory…
CVE-2025-11021 — CVSS 7.5 (high): A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web…
CVE-2025-12105 — CVSS 7.5 (high): A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to…
CVE-2026-2369 — CVSS 6.5 (medium): A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a…
CVE-2026-1536 — CVSS 5.8 (medium): A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line…
CVE-2026-1467 — CVSS 5.8 (medium): A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when…
CVE-2026-1539 — CVSS 5.8 (medium): A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When…
CVE-2026-1760 — CVSS 5.3 (medium): A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that…
CVE-2026-2443 — CVSS 5.3 (medium): A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers…
CVE-2026-0716 — CVSS 4.8 (medium): A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where…
CVE-2026-2708 — CVSS 3.7 (low): A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in…