CVE-2026-12549

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L                                    

Vulnerability Description

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.

Vulnerability Details

Published Date

June 22, 2026

Last Modified

June 22, 2026

CWE ID

CWE-805

Source

NVD

Vendor

Red Hat

Product

Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9

External References

https://access.redhat.com/security/cve/CVE-2026-12549
https://access.redhat.com/security/cve/cve-2026-0716
https://bugzilla.redhat.com/show_bug.cgi?id=2489999
https://gitlab.gnome.org/GNOME/libsoup/-/work_items/516

CVE-2026-12549

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment