CVE-2026-15709 is a high-severity remote denial-of-service flaw in libsoup’s WebSocket handling. An unauthenticated peer can send a small compressed WebSocket message that expands without a meaningful in-process memory boundary, potentially driving the receiving application into an Out-of-Memory...
CVE-2026-15711 is a newly published remote denial-of-service vulnerability in libsoup’s WebSocket parser that lets an unauthenticated peer crash an application by sending an oversized WebSocket control frame. Red Hat assigned the flaw a CVSS 3.1 score of 7.5 High, and the National Vulnerability...