CVE-2026-1801 – Red Hat Enterprise Linux Multiple Vulnerabilities
“These vulnerabilities strike at core Linux services. The most serious issue could open a path to major system compromise, while the others increase the risk of crashes, service disruption, and unintended request handling.”
Red Hat released security updates addressing multiple vulnerabilities affecting components used in Red Hat Enterprise Linux. These issues impact key services tied to authentication, HTTP parsing, and memory handling. If left unpatched, they could allow attackers to bypass security controls, trigger memory corruption, or cause denial-of-service conditions.
- CVE-2026-1709 carries a CVSS v3.1 score of 9.4 (Critical) and affects Keylime, where missing client-side TLS authentication can allow unauthenticated administrative access.
- CVE-2026-1761 is rated 8.6 (High) and affects libsoup, where a stack-based buffer overflow could lead to crashes or arbitrary code execution.
- CVE-2026-1757 has a 6.2 (Medium) score and can cause a local denial-of-service condition in xmllint through memory exhaustion.
- CVE-2026-1760 is rated 5.3 (Medium) and involves HTTP request smuggling in SoupServer that can lead to unintended request processing and denial of service.
- CVE-2026-1801 also carries a 5.3 (Medium) score and affects libsoup through malformed chunk parsing that can enable request smuggling and possible information disclosure.
Red Hat addressed these issues through security updates for the affected packages. No verified real-world exploitation or confirmed public proof-of-concept activity was established in the sources I checked.
Key Details
- Affected Product: GNOME libsoup
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-444
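
An added example, not taken from Red Hat's advisory or from libsoup's code: a strict decoder for chunked bodies following RFC 9112 section 7.1, which rejects ambiguous framing instead of guessing, since CWE-444 request smuggling depends on two parsers reading the same bytes differently. The page does not say which malformation CVE-2026-1801 involves, so the specific checks, the names `decode_chunked_strict` and `ChunkFramingError`, the 8-digit size cap and the refusal of chunk extensions are assumptions of this example.

```python
import re

# RFC 9112 section 7.1: chunk-size = 1*HEXDIG. int(x, 16) alone is too lenient
# (it accepts "0x10", "+10", "1_0" and surrounding whitespace), so match first.
_SIZE = re.compile(rb"[0-9A-Fa-f]{1,8}")  # 8-digit cap is a local policy choice


class ChunkFramingError(ValueError):
    """Body deviates from strict chunked framing; reject the request (400)."""


def _line(buf: bytes, pos: int) -> tuple[bytes, int]:
    """Return the line starting at pos; it must end with CRLF, never bare LF/CR."""
    end = buf.find(b"\r\n", pos)
    if end < 0:
        raise ChunkFramingError("line not terminated by CRLF")
    line = buf[pos:end]
    if b"\n" in line or b"\r" in line:
        raise ChunkFramingError("bare LF or CR inside line")
    return line, end + 2


def decode_chunked_strict(buf: bytes) -> tuple[bytes, bytes]:
    """Decode one chunked body. Returns (payload, bytes left after the body)."""
    payload, pos = bytearray(), 0
    while True:
        size_line, pos = _line(buf, pos)
        # Policy assumed in this example: chunk extensions (";ext") are rejected too.
        if not _SIZE.fullmatch(size_line):
            raise ChunkFramingError(f"invalid chunk-size line {size_line!r}")
        size = int(size_line, 16)
        if size == 0:
            break
        data = buf[pos:pos + size]
        if len(data) != size or buf[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkFramingError("chunk data not followed by CRLF")
        payload += data
        pos += size + 2
    while True:  # trailer section: field lines up to the empty line
        field, pos = _line(buf, pos)
        if not field:
            return bytes(payload), buf[pos:]
        if b":" not in field:
            raise ChunkFramingError(f"malformed trailer field {field!r}")


if __name__ == "__main__":
    # Constructed sample body, not captured traffic.
    print(decode_chunked_strict(b"5\r\nhello\r\n0\r\n\r\n"))
```

Any bytes returned as the second element belong to whatever follows the body on the connection, so a front end and back end that both apply this decoder agree on where the request ends.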