- What: Security update for libsoup3 in Red Hat Enterprise Linux 10
- Impact: Systems using libsoup3 may be vulnerable if not updated
Red Hat Product Errata: RHSA-2026:15968 - Security Advisory

- Issued: 2026-05-11
- Updated: 2026-05-11

Synopsis: Moderate: libsoup3 security update

Type/Severity: Security Advisory: Moderate

Topic: An update for libsoup3 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description: Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the GLib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model; a synchronous operation mode is also supported for those who want it. The SOAP parts were removed long ago.

Security Fix(es):
- libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server (CVE-2026-4271)
- libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products:
- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for IBM z Systems 10 s390x
- Red Hat Enterprise Linux for Power, little endian 10 ppc64le
- Red Hat Enterprise Linux for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for x86_64 10 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes:
- BZ - 2448044 - CVE-2026-4271 libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server
- BZ - 2452932 - CVE-2026-5119 libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

CVEs:
- CVE-2026-4271
- CVE-2026-5119

References:
- https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.
Updated Packages:

- Red Hat Enterprise Linux for x86_64 10
  - SRPM: libsoup3-3.6.5-3.el10_1.11.src.rpm
  - x86_64:
    - libsoup3-3.6.5-3.el10_1.11.x86_64.rpm
    - libsoup3-debuginfo-3.6.5-3.el10_1.11.x86_64.rpm
    - libsoup3-debugsource-3.6.5-3.el10_1.11.x86_64.rpm
    - libsoup3-devel-3.6.5-3.el10_1.11.x86_64.rpm
- Red Hat Enterprise Linux for IBM z Systems 10
  - SRPM: libsoup3-3.6.5-3.el10_1.11.src.rpm
  - s390x:
    - libsoup3-3.6.5-3.el10_1.11.s390x.rpm
    - libsoup3-debuginfo-3.6.5-3.el10_1.11.s390x.rpm
    - libsoup3-debugsource-3.6.5-3.el10_1.11.s390x.rpm
    - libsoup3-devel-3.6.5-3.el10_1.11.s390x.rpm
- Red Hat Enterprise Linux for Power, little endian 10
  - SRPM: libsoup3-3.6.5-3.el10_1.11.src.rpm
  - ppc64le:
    - libsoup3-3.6.5-3.el10_1.11.ppc64le.rpm
    - libsoup3-debuginfo-3.6.5-3.el10_1.11.ppc64le.rpm
    - libsoup3-debugsource-3.6.5-3.el10_1.11.ppc64le.rpm
    - libsoup3-devel-3.6.5-3.el10_1.11.ppc64le.rpm
- Red Hat Enterprise Linux for ARM 64 10
  - SRPM: libsoup3-3.6.5-3.el10_1.11.src.rpm
  - aarch64:
    - libsoup3-3.6.5-3.el10_1.11.aarch64.rpm
    - libsoup3-debuginfo-3.6.5-3.el10_1.11.aarch64.rpm
    - libsoup3-debugsource-3.6.5-3.el10_1.11.aarch64.rpm
    - libsoup3-devel-3.6.5-3.el10_1.11.aarch64.rpm
- Red Hat CodeReady Linux Builder for x86_64 10
  - x86_64: libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm
- Red Hat CodeReady Linux Builder for Power, little endian 10
  - ppc64le: libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm
- Red Hat CodeReady Linux Builder for ARM 64 10
  - aarch64: libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm
- Red Hat CodeReady Linux Builder for IBM z Systems 10
  - s390x: libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
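
To confirm that a host has picked up the update, the installed libsoup3 build can be compared against the fixed build listed under Updated Packages. The following is an added example, not part of the Red Hat advisory or its tooling: a segment-wise comparison in the style of rpm's version ordering, with function names of its own choosing and constructed sample inputs in the usage note. It assumes the fixed build for every listed architecture is 3.6.5-3.el10_1.11, as the package names above show.

```python
import re

# Fixed libsoup3 build named in this advisory (version-release, no epoch).
FIXED_EVR = "3.6.5-3.el10_1.11"

_TOKEN = re.compile(r"\d+|[A-Za-z]+|~")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.
    Returns -1, 0 or 1. Caret (^) ordering is not given special treatment."""
    sa, sb = _TOKEN.findall(a), _TOKEN.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == y:
            continue
        if x == "~":            # a tilde sorts before anything, even end of string
            return -1
        if y == "~":
            return 1
        if x is None:           # a ran out first, so b is newer
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
            continue            # e.g. "01" and "1" are equal
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        return -1 if x < y else 1
    return 0

def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def compare_evr(a, b):
    """Order two EVR strings: epoch first, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def has_fix(installed_evr):
    """True when the installed libsoup3 build is at or above the fixed build."""
    return compare_evr(installed_evr, FIXED_EVR) >= 0
```

On a host, the installed value can be read with `rpm -q --qf '%{EVR}\n' libsoup3` and passed to `has_fix`. A constructed value such as `3.6.5-3.el10_1.9` is reported as not fixed, which a plain string comparison would get wrong because "9" sorts after "11" as text.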