Home

Description

A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames (e.g., PING, PONG, CLOSE) contain a payload of 125 bytes or less. A remote, unauthenticated attacker can exploit this by sending a non-compliant, oversized control frame. Because the parser handles this protocol violation improperly instead of throwing an immediate connection termination error, it triggers a internal processing crash, resulting in a remote denial of service (DoS) for applications utilizing libsoup WebSockets.

PUBLISHED Reserved 2026-07-14 | Published 2026-07-14 | Updated 2026-07-14 | Assigner redhat




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Allocation of Resources Without Limits or Throttling

Product status

Default status
affected

Default status
unknown

Default status
unknown

Default status
affected

Default status
affected

Timeline

2026-07-14:Reported to Red Hat.
2026-07-14:Made public.

Credits

Red Hat would like to thank Sebastián Alba Vives (@Sebasteuo / 0xS4bb1) for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-15711 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2499924 (RHBZ#2499924) issue-tracking

gitlab.gnome.org/GNOME/libsoup/-/issues/515

cve.org (CVE-2026-15711)

nvd.nist.gov (CVE-2026-15711)

Download JSON