cve-2026-2443

CVE-2026-2443 is a security vulnerability in libsoup, the GNOME HTTP library used across Linux and GNOME-adjacent software. It involves an out-of-bounds read in the partial-content handling path, triggered by specially crafted HTTP Range headers. This can lead to heap information disclosure to a remote attacker, affecting the embedded SoupServer component in vulnerable build configurations. The flaw is considered serious for real deployments, with advisories from Red Hat and NVD highlighting the network-reachable memory read risk. Discussions on WindowsForum cover the technical details, affected systems, and mitigation strategies for this remote heap info disclosure issue.