suse · CVE-2026-4271

Quick triage

Priority: high Published: 2026-04-16 13:36:29 UTC Updated: 2026-04-16 13:36:29 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2026-4271 severity important: SUSE including 12 source package names (libsoup, libsoup-2_4-1, …), 127 product×package rows across 23 product lines (SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS, SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS, … (23 product lines)): Known Not Affected 127.

Description:

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).

cvelogic Threat Intelligence