Vulnerability DatabaseCVE-2026-4271

CVE-2026-4271:
Linux Debian vulnerability analysis and mitigation

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

7.5

Score

Published March 17, 2026

Severity HIGH

CNA Score 5.3

Affected Technologies

Linux Debian
Linux Red Hat

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 78.7

Exploitation Probability (EPSS) 1.2

Affected packages and libraries

libsoup3-devel
libsoup3-doc

Sources

NVD
Debian Security Tracker
- Debian 11, 14 Severity HIGHNo FixAdded at: Mar 17, 2026
- Debian 12, 13 Severity MEDIUMNo FixAdded at: Mar 17, 2026
Echo
- Echo Severity HIGHNo FixAdded at: Mar 18, 2026
Red Hat Errata
- Red Hat 6, 7, 8, 9, 10 Severity MEDIUMNo FixAdded at: Mar 17, 2026
Seal Security
- Red Hat 7 Severity HIGHHas FixAdded at: Mar 18, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-34827	HIGH	7.5	Ruby	ruby-rack	No	Yes	Apr 02, 2026
CVE-2026-34835	MEDIUM	4.8	Ruby	ruby-rack	No	Yes	Apr 02, 2026
CVE-2026-32762	MEDIUM	4.8	Ruby	ruby-rack	No	Yes	Apr 02, 2026
CVE-2026-34743	LOW	1.7	Linux Debian	xz-utils	No	Yes	Apr 02, 2026
CVE-2026-27456	N/A	N/A	Linux Debian	util-linux	No	No	Apr 03, 2026