CVE-2026-12549 | The fix for CVE-2026-2443 was regressed by a subsequent rewo… | CVSS 4.8 MEDIUM

Description

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.

Metadata

CVE ID: CVE-2026-12549
State: PUBLISHED
Assigner: redhat
Reserved: 2026-06-17 18:40 UTC
Published: 2026-06-22 13:55 UTC
Last updated: 2026-06-22 13:55 UTC
Primary CWE: CWE-805
Buffer Access with Incorrect Length Value
Vendor / Product: Red Hat / Red Hat Enterprise Linux 10
Sources: cve.org · NVD

Severity & Metrics

4.8 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products (5)

Vendor	Product	Platform	Versions
Red Hat	Red Hat Enterprise Linux 10	—	—
Red Hat	Red Hat Enterprise Linux 6	—	—
Red Hat	Red Hat Enterprise Linux 7	—	—
Red Hat	Red Hat Enterprise Linux 8	—	—
Red Hat	Red Hat Enterprise Linux 9	—	—

Weakness (CWE)

CWE	Source	Description
CWE-805	cna	Buffer Access with Incorrect Length Value

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.8	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

References (4)