CVE-2026-1761
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an
CVSS
8.6
Alto
EPSS
0.9%
p57
KEV
—
Exploit Today
17
0-100
Publicado: 2 feb 2026 · Última mod.: 15 jul 2026 · CWE-121
0.9%EPSS · 30 días0.9%
2026-06-302026-07-16
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:1948
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2005
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2006
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2007
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2008
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2049
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2182
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2214
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2215
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2216
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2396
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2402
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2410
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2512
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2513
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2514
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2528
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2529
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2628
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:2844
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-510878.6 ALT94.0%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.12dCVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.12dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.12dCVE-2025-606908.8 ALT89.1%
——27A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.12dCVE-2026-248818.1 ALT75.2%
——23In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.2dCVE-2026-503877.8 ALT75.0%
——22Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.1d