CVE-2026-2436

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a T

Description

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ibm	ibm app connect enterprise	cert_advisory	90%

References

Related News (2 articles)

Tier B

BSI Advisories2h ago

[NEU] [hoch] IBM App Connect Enterprise: Mehrere Schwachstellen

→ No new info (linked only)

Tier A

Microsoft MSRC6d ago

CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake

→ No new info (linked only)

CVSS 3.16.5 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-825

PublishedMar 26, 2026

Last enriched6d ago

Trending Score34

Source articles2

Independent2

Info Completeness5/14

Missing: vendor, product, versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 26, 2026

Discovered by ZDM

Apr 1, 2026