{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/libsoup/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-15709"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["libsoup"],"_cs_severities":["low"],"_cs_tags":["denial-of-service","vulnerability","libsoup"],"_cs_type":"advisory","_cs_vendors":["The libsoup project"],"content_html":"\u003cp\u003eA significant remote denial of service vulnerability, identified as CVE-2026-15709, has been disclosed within the \u003ccode\u003elibsoup\u003c/code\u003e library. This vulnerability specifically impacts the \u003ccode\u003elibsoup\u003c/code\u003e implementation of the websocket \u003ccode\u003epermessage-deflate\u003c/code\u003e extension, which is designed to compress websocket messages. The flaw lies in an unbounded decompression mechanism, meaning that when a specially crafted, highly compressed message is received, the \u003ccode\u003elibsoup\u003c/code\u003e library attempts to decompress it without adequate resource limits. This uncontrolled decompression leads to excessive consumption of memory and CPU resources on the server. If successfully exploited, this can render the affected application or even the entire system unresponsive, causing a denial of service and disrupting critical operations. Given \u003ccode\u003elibsoup\u003c/code\u003e's role as a fundamental HTTP client/server library, numerous applications could be at risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a publicly accessible application utilizing the vulnerable \u003ccode\u003elibsoup\u003c/code\u003e library for websocket communication.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes a websocket connection with the target application.\u003c/li\u003e\n\u003cli\u003eDuring the websocket handshake, the attacker negotiates the use of the \u003ccode\u003epermessage-deflate\u003c/code\u003e extension.\u003c/li\u003e\n\u003cli\u003eThe attacker sends specially crafted, highly compressed websocket messages through the established connection.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003elibsoup\u003c/code\u003e library on the server attempts to decompress these messages.\u003c/li\u003e\n\u003cli\u003eDue to the unbounded decompression vulnerability (CVE-2026-15709), the decompression process consumes an inordinate amount of server memory and CPU.\u003c/li\u003e\n\u003cli\u003eThe target application's resources are exhausted, causing it to become unresponsive or crash, leading to a denial of service for legitimate users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploitation of CVE-2026-15709 would result in the denial of service for applications or systems relying on the vulnerable \u003ccode\u003elibsoup\u003c/code\u003e library. This can lead to severe operational disruptions, causing downtime for services, loss of productivity, and potential financial impact for organizations. While no specific victim counts or sectors are currently disclosed, any service utilizing the affected \u003ccode\u003elibsoup\u003c/code\u003e version that handles websocket connections with \u003ccode\u003epermessage-deflate\u003c/code\u003e is potentially vulnerable to resource exhaustion and service unavailability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-15709 on all systems using the \u003ccode\u003elibsoup\u003c/code\u003e library immediately to mitigate the remote denial of service vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-17T07:09:20Z","date_published":"2026-07-17T07:09:20Z","id":"https://feed.craftedsignal.io/briefs/2026-07-libsoup-websocket-dos/","summary":"A remote denial of service vulnerability, CVE-2026-15709, exists in the libsoup library's websocket permessage-deflate extension, allowing an attacker to trigger a denial of service through unbounded decompression.","title":"libsoup Websocket Unbounded Decompression Denial of Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-libsoup-websocket-dos/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-15711"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["libsoup"],"_cs_severities":["low"],"_cs_tags":["denial-of-service","vulnerability","libsoup","websocket"],"_cs_type":"advisory","_cs_vendors":["Libsoup"],"content_html":"\u003cp\u003eA remote denial of service (DoS) vulnerability, identified as CVE-2026-15711, has been disclosed in the libsoup library. Libsoup is an HTTP client/server library for GNOME. This vulnerability specifically impacts the library's \u003ccode\u003esoupwebsocketconnection\u003c/code\u003e component, which handles WebSocket communication. The flaw arises from an improper handling of oversized control frames, which constitutes a protocol violation within the WebSocket specification. An attacker can exploit this by sending a malformed or excessively large control frame to a system using the vulnerable libsoup component, leading to resource exhaustion or application instability, ultimately resulting in a denial of service. The Microsoft Security Response Center (MSRC) published an advisory on July 17, 2026, confirming the vulnerability. The specific conditions under which this vulnerability manifests and any observed exploitation attempts in the wild are not detailed in the available information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eThis brief describes a vulnerability and its exploitation mechanism rather than a full attack campaign. The following steps outline how an attacker could leverage CVE-2026-15711:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eTarget Identification\u003c/strong\u003e: An attacker identifies a server or application utilizing the vulnerable \u003ccode\u003elibsoup\u003c/code\u003e library for WebSocket communication.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Establishment\u003c/strong\u003e: The attacker initiates a WebSocket connection to the targeted server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCrafting Malicious Frame\u003c/strong\u003e: The attacker crafts a WebSocket control frame (e.g., a PING, PONG, CLOSE frame) that exceeds the expected or allowed size limits, violating the WebSocket protocol specification (RFC 6455).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTransmission\u003c/strong\u003e: The oversized control frame is sent over the established WebSocket connection to the \u003ccode\u003esoupwebsocketconnection\u003c/code\u003e component of the \u003ccode\u003elibsoup\u003c/code\u003e library.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProtocol Violation Trigger\u003c/strong\u003e: The \u003ccode\u003elibsoup\u003c/code\u003e component processes the oversized control frame, encountering a protocol violation due to its excessive size.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResource Exhaustion/Crash\u003c/strong\u003e: This improper handling leads to unrecoverable errors, memory issues, or a crash within the application or service utilizing \u003ccode\u003elibsoup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDenial of Service\u003c/strong\u003e: The targeted application or service becomes unresponsive or terminates, resulting in a denial of service for legitimate users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15711 leads directly to a denial of service condition for applications or services relying on the vulnerable \u003ccode\u003elibsoup\u003c/code\u003e library for WebSocket functionality. While the provided information does not specify the scope of targeting or the number of victims, any system that incorporates an unpatched version of \u003ccode\u003elibsoup\u003c/code\u003e and exposes WebSocket endpoints is potentially vulnerable. The impact can range from temporary service disruptions and loss of availability to data processing interruptions, affecting critical business operations depending on the targeted service's role.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the latest security updates provided by the vendor or upstream project for \u003ccode\u003elibsoup\u003c/code\u003e to patch CVE-2026-15711 immediately.\u003c/li\u003e\n\u003cli\u003eMonitor systems for unusual service crashes or restarts that could indicate a denial of service event, especially on applications exposed to external WebSocket connections.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-17T07:08:38Z","date_published":"2026-07-17T07:08:38Z","id":"https://feed.craftedsignal.io/briefs/2026-07-libsoup-dos/","summary":"A remote denial of service vulnerability, CVE-2026-15711, exists in the libsoup library's WebSocket connection handling due to an oversized control frame protocol violation, allowing an attacker to cause service disruption.","title":"Libsoup WebSocket Remote Denial of Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-libsoup-dos/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":6.5,"id":"CVE-2026-15714"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Libsoup"],"_cs_severities":["medium"],"_cs_tags":["vulnerability","out-of-bounds-read","libsoup","gnome"],"_cs_type":"threat","_cs_vendors":["GNOME Foundation"],"content_html":"\u003cp\u003eA security vulnerability, designated CVE-2026-15714, has been identified in the Libsoup library, specifically within its \u003ccode\u003esoupmultipartinputstream\u003c/code\u003e component. This flaw manifests as an out-of-bounds read error in the \u003ccode\u003esoup_multipart_input_stream_read_headers\u003c/code\u003e function. The vulnerability is triggered when the affected software processes a malformed or oversized multipart boundary string, leading to attempts to read data beyond the allocated memory buffer. While the provided source does not detail active exploitation, out-of-bounds read vulnerabilities can typically result in information disclosure, allowing attackers to access sensitive data from memory, or lead to denial-of-service conditions by crashing the application. Libsoup is a fundamental GNOME library used by various applications for HTTP client and server functionality, making this a potentially widespread concern for users of GNOME-based systems and applications.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eThe provided source describes a vulnerability in a library component rather than an active attack campaign or observed exploitation. Therefore, a specific attack chain is not documented. Exploitation would typically involve an attacker crafting a malicious network request containing an oversized multipart boundary string, sending it to an application utilizing the vulnerable Libsoup component, and thereby triggering the out-of-bounds read condition.\u003c/p\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15714 could lead to several negative impacts, even though no observed exploitation is detailed. The primary concern with an out-of-bounds read vulnerability is information disclosure, where an attacker might be able to read sensitive data stored in adjacent memory regions, potentially compromising confidentiality. Additionally, such memory corruption issues can cause application crashes, resulting in a denial-of-service condition for affected systems or applications. The actual impact would depend on the specific application using Libsoup, the data processed, and the system environment.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-15714 by updating the Libsoup library to the latest patched version immediately.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-17T07:06:10Z","date_published":"2026-07-17T07:06:10Z","id":"https://feed.craftedsignal.io/briefs/2026-07-libsoup-out-of-bounds-read/","summary":"A vulnerability identified as CVE-2026-15714 in the Libsoup library's soupmultipartinputstream component allows an out-of-bounds read when processing an oversized multipart boundary string, potentially leading to information disclosure or application instability.","title":"Libsoup Vulnerability CVE-2026-15714 Allows Out-of-Bounds Read","url":"https://feed.craftedsignal.io/briefs/2026-07-libsoup-out-of-bounds-read/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":5.9,"id":"CVE-2026-15713"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Libsoup"],"_cs_severities":["high"],"_cs_tags":["denial-of-service","vulnerability","http/2","libsoup","memory-leak"],"_cs_type":"threat","_cs_vendors":["GNOME"],"content_html":"\u003cp\u003eA remote denial-of-service vulnerability, identified as CVE-2026-15713, has been discovered in the Libsoup library, specifically within its \u003ccode\u003esoupcache\u003c/code\u003e component. This vulnerability is attributed to a memory leak that occurs during the handling of HTTP/2 frame windows. When exploited, this flaw can lead to the exhaustion of memory resources on affected systems, causing applications or services that rely on the vulnerable Libsoup version to become unresponsive or crash entirely. The vulnerability affects the GNOME Libsoup library, which is a core component used by various Linux applications for HTTP client operations. While the MSRC advisory does not detail specific exploitation in the wild, the nature of the vulnerability implies that a remote attacker could trigger the denial of service by sending a series of specially crafted HTTP/2 requests. This poses a significant risk to the availability and stability of services utilizing the vulnerable library, potentially impacting critical systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eCrafted Request Initiation\u003c/strong\u003e: A remote attacker sends specially crafted HTTP/2 requests to a server or application utilizing a vulnerable version of the Libsoup library.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Trigger\u003c/strong\u003e: The \u003ccode\u003esoupcache\u003c/code\u003e component within the Libsoup library processes these malformed HTTP/2 requests.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMemory Leak\u003c/strong\u003e: Due to a flaw in the management of HTTP/2 frame windows, the processing of the crafted requests causes a memory leak within the application's process.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResource Exhaustion\u003c/strong\u003e: The attacker continues to send these requests, repeatedly triggering the memory leak and consuming increasing amounts of system memory.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDenial of Service\u003c/strong\u003e: As system memory resources become exhausted, the application or service running the vulnerable Libsoup library becomes unstable, unresponsive, or crashes, leading to a denial of service for legitimate users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15713 results in a denial of service for applications or services dependent on the vulnerable Libsoup library. This can manifest as application crashes, hangs, or complete unresponsiveness, rendering the service unavailable to users. The impact can range from temporary inconvenience to significant operational disruption, depending on the criticality of the affected application and the frequency of attacks. While specific victim counts or targeted sectors are not provided, any system running the affected Libsoup version could be a target.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-15713 by updating the Libsoup library to a remediated version provided by GNOME or your Linux distribution vendor immediately.\u003c/li\u003e\n\u003cli\u003eMonitor network connections for unusually high volumes of HTTP/2 requests targeting services using Libsoup, which could indicate a DoS attempt related to CVE-2026-15713.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-17T07:05:28Z","date_published":"2026-07-17T07:05:28Z","id":"https://feed.craftedsignal.io/briefs/2026-07-libsoup-http2-dos/","summary":"A remote denial of service vulnerability, CVE-2026-15713, exists in the soupcache component of the Libsoup library due to a memory leak that leads to HTTP/2 frame window exhaustion, potentially causing application crashes or unresponsiveness.","title":"Libsoup HTTP/2 Frame Window Exhaustion Remote Denial of Service","url":"https://feed.craftedsignal.io/briefs/2026-07-libsoup-http2-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - Libsoup","version":"https://jsonfeed.org/version/1.1"}