Red Hat Product Errata RHSA-2026:17482 - Security Advisory Issued: 2026-05-14 Updated: 2026-05-14 RHSA-2026:17482 - Security Advisory Overview Updated Packages Synopsis Moderate: libsoup3 security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libsoup3 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server (CVE-2026-4271) libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2448044 - CVE-2026-4271 libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server BZ - 2452932 - CVE-2026-5119 libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVEs CVE-2026-4271 CVE-2026-5119 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7 x86_64 libsoup3-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 40cd21e2539f703263bb45bafc14b1c7b2d40f10799ff37eaffb783e4b594aa6 libsoup3-debuginfo-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 3eeb238df3d7e7405c1f4acc8457b4f7eeca21bb9f6f01e2c37874c5f17714ee libsoup3-debugsource-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: c372630fd52ec3741dc0335bc7207da341b9c2beb477f10c9af6d8ba08a88386 libsoup3-devel-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 3c46413ab21174cabe7f21da2e5cd44e0bf1d01f1c21a2188779fb61638c6d2c Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7 s390x libsoup3-3.6.5-3.el10_0.15.s390x.rpm SHA-256: 5475b3fbbd7a0a1d8bcfcad38c8f547a05ba97246fdd9dafcb7cfaca6bd601a0 libsoup3-debuginfo-3.6.5-3.el10_0.15.s390x.rpm SHA-256: d79073ade130cd33eac0afcd04bf0b2bc1330e9514e8862eeb8fa8d02bbcfece libsoup3-debugsource-3.6.5-3.el10_0.15.s390x.rpm SHA-256: 8981680695217daaf335b3a13ff309f663a1c1e9560012dec86317b43a0ab699 libsoup3-devel-3.6.5-3.el10_0.15.s390x.rpm SHA-256: c75962d67642335adad02ed7789eda8d31e86726d2f93e2c0bf5732e4c5f2fab Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7 ppc64le libsoup3-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 9691b983bc35b0ffa32d0233378149f19947e46b1b0df405cfea74c4d911e1ee libsoup3-debuginfo-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 7010771b69f1eb4260b3500f830d9ae7a5feb9d3c0a55a8ead1c6503411ab433 libsoup3-debugsource-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: fc81096d5a92e7f97ee3ce375cf76e53f43bf886651bf918134e1195d07e8f89 libsoup3-devel-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 78bfa0b14f312b1eb90773aa98e510c1b323d212cc7b09d83726e1532548e84c Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7 aarch64 libsoup3-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 12f99f58832d791d57d7b758248dc841c24503b6558384f4c885f9ceef0ff097 libsoup3-debuginfo-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 0f1a8bb924620af82a5019f8dafeb33a79c6f6a8b88b93f3e9bbceb3c732bc1b libsoup3-debugsource-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 3439d38c1991170563a92e0603458775a49a80ebaba44b433ae64c0b3e45e554 libsoup3-devel-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: e938840d7e2b16e7eff0efc81d453a3078b6ba232d57a999c63d86bf3af8e687 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 SRPM x86_64 libsoup3-doc-3.6.5-3.el10_0.15.noarch.rpm SHA-256: dbbaff96853701ae55ecc76804c13eba1602bfc33ff36ecec712bdba3a4fe60e Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 SRPM ppc64le libsoup3-doc-3.6.5-3.el10_0.15.noarch.rpm SHA-256: dbbaff96853701ae55ecc76804c13eba1602bfc33ff36ecec712bdba3a4fe60e Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 SRPM s390x libsoup3-doc-3.6.5-3.el10_0.15.noarch.rpm SHA-256: dbbaff96853701ae55ecc76804c13eba1602bfc33ff36ecec712bdba3a4fe60e Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 SRPM aarch64 libsoup3-doc-3.6.5-3.el10_0.15.noarch.rpm SHA-256: dbbaff96853701ae55ecc76804c13eba1602bfc33ff36ecec712bdba3a4fe60e Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7 aarch64 libsoup3-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 12f99f58832d791d57d7b758248dc841c24503b6558384f4c885f9ceef0ff097 libsoup3-debuginfo-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 0f1a8bb924620af82a5019f8dafeb33a79c6f6a8b88b93f3e9bbceb3c732bc1b libsoup3-debugsource-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 3439d38c1991170563a92e0603458775a49a80ebaba44b433ae64c0b3e45e554 libsoup3-devel-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: e938840d7e2b16e7eff0efc81d453a3078b6ba232d57a999c63d86bf3af8e687 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7 s390x libsoup3-3.6.5-3.el10_0.15.s390x.rpm SHA-256: 5475b3fbbd7a0a1d8bcfcad38c8f547a05ba97246fdd9dafcb7cfaca6bd601a0 libsoup3-debuginfo-3.6.5-3.el10_0.15.s390x.rpm SHA-256: d79073ade130cd33eac0afcd04bf0b2bc1330e9514e8862eeb8fa8d02bbcfece libsoup3-debugsource-3.6.5-3.el10_0.15.s390x.rpm SHA-256: 8981680695217daaf335b3a13ff309f663a1c1e9560012dec86317b43a0ab699 libsoup3-devel-3.6.5-3.el10_0.15.s390x.rpm SHA-256: c75962d67642335adad02ed7789eda8d31e86726d2f93e2c0bf5732e4c5f2fab Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7 ppc64le libsoup3-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 9691b983bc35b0ffa32d0233378149f19947e46b1b0df405cfea74c4d911e1ee libsoup3-debuginfo-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 7010771b69f1eb4260b3500f830d9ae7a5feb9d3c0a55a8ead1c6503411ab433 libsoup3-debugsource-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: fc81096d5a92e7f97ee3ce375cf76e53f43bf886651bf918134e1195d07e8f89 libsoup3-devel-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 78bfa0b14f312b1eb90773aa98e510c1b323d212cc7b09d83726e1532548e84c Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7 x86_64 libsoup3-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 40cd21e2539f703263bb45bafc14b1c7b2d40f10799ff37eaffb783e4b594aa6 libsoup3-debuginfo-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 3eeb238df3d7e7405c1f4acc8457b4f7eeca21bb9f6f01e2c37874c5f17714ee libsoup3-debugsource-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: c372630fd52ec3741dc0335bc7207da341b9c2beb477f10c9af6d8ba08a88386 libsoup3-devel-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 3c46413ab21174cabe7f21da2e5cd44e0bf1d01f1c21a2188779fb61638c6d2c The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .