Cyber Resilience

CVE-2026-1761

High · Updated

Published: 02 February 2026

Modified: 30 June 2026
CVSS v3.1 Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)
EPSS Score: 0.0095 (56.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-1761 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Gnome (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 43.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

A stack-based buffer overflow vulnerability, tracked as CVE-2026-1761, exists in libsoup and is triggered during parsing of multipart HTTP responses because of an incorrect length calculation. The flaw is assigned CWE-121 and carries a CVSS 3.1 score of 8.6, reflecting network attackability without authentication or user interaction.

A remote attacker can exploit the issue by returning a specially crafted multipart HTTP response to any application that uses libsoup to process untrusted server data. Successful exploitation produces memory corruption that may cause application crashes or allow arbitrary code execution on the affected client.

Red Hat has published a series of advisories (RHSA-2026:1948, RHSA-2026:2005, RHSA-2026:2006, RHSA-2026:2007, and RHSA-2026:2008) that address the flaw; applying the corresponding package updates is the documented mitigation. The associated EPSS scores remain low, with a current value of 0.0126 and a peak of 0.0163.

Vulnerability details

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1203: Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack-based buffer overflow in libsoup during multipart HTTP response parsing enables remote arbitrary code execution in vulnerable client applications without authentication or user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-54480 · Shared CWE-121
CVE-2025-69195 · Shared CWE-121
CVE-2026-43661 · Shared CWE-121
CVE-2019-25321 · Shared CWE-121
CVE-2026-33554 · Shared CWE-121
CVE-2024-34579 · Shared CWE-121
CVE-2020-37142 · Shared CWE-121
CVE-2020-37181 · Shared CWE-121
CVE-2019-25365 · Shared CWE-121
CVE-2020-37095 · Shared CWE-121

Affected Assets

Gnome
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly requires timely installation of vendor patches that remediate the libsoup buffer-overflow flaw before exploitation.

Prevent: Mandates validation of input length and structure, which would block the malformed multipart HTTP responses that trigger the incorrect length calculation.

Prevent: Requires memory-protection mechanisms that can contain or block exploitation of the stack-based overflow leading to memory corruption or code execution.
