CVE-2026-1761
Published: 02 February 2026
Summary
CVE-2026-1761 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Gnome (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 43.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
A stack-based buffer overflow vulnerability, tracked as CVE-2026-1761, exists in libsoup and is triggered during parsing of multipart HTTP responses because of an incorrect length calculation. The flaw is assigned CWE-121 and carries a CVSS 3.1 score of 8.6, reflecting network attackability without authentication or user interaction.
A remote attacker can exploit the issue by returning a specially crafted multipart HTTP response to any application that uses libsoup to process untrusted server data. Successful exploitation produces memory corruption that may cause application crashes or allow arbitrary code execution on the affected client.
Red Hat has published a series of advisories (RHSA-2026:1948, RHSA-2026:2005, RHSA-2026:2006, RHSA-2026:2007, and RHSA-2026:2008) that address the flaw; applying the corresponding package updates is the documented mitigation. The associated EPSS scores remain low, with a current value of 0.0126 and a peak of 0.0163.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5104
Vulnerability details
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in libsoup during multipart HTTP response parsing enables remote arbitrary code execution in vulnerable client applications without authentication or user interaction.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of vendor patches that remediate the libsoup buffer-overflow flaw before exploitation.
Mandates validation of input length and structure, which would block the malformed multipart HTTP responses that trigger the incorrect length calculation.
Requires memory-protection mechanisms that can contain or block exploitation of the stack-based overflow leading to memory corruption or code execution.