CVE-2026-0719
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network comm
CVSS
8.6
Alto
EPSS
0.6%
p43
KEV
—
Exploit Today
13
0-100
Publicado: 8 ene 2026 · Última mod.: 15 jul 2026 · CWE-121
0.6%EPSS · 30 días0.6%
2026-06-302026-07-17
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:1948
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2005
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2006
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2007
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2008
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2049
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2182
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2214
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2215
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2216
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2396
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2402
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2512
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2513
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2514
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2528
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2529
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2628
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2844
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-0719
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-510878.6 ALT94.0%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.13dCVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.13dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.13dCVE-2021-271378.1 ALT91.8%
——28An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP (which is off by default, and only listens on internal interfaces by default). This occurs in ssdp_msearch (reachable by an M-SEARCH request).11hCVE-2025-606908.8 ALT89.1%
——27A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.13dCVE-2026-248818.1 ALT75.3%
——23In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.3d