Back to overview

CVE-2026-15711

HIGH
7.5
CVSS 3.1
Description
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames (e.g., PING, PONG, CLOSE) contain a payload of 125 bytes or less. A remote, unauthenticated attacker can exploit this by sending a non-compliant, oversized control frame. Because the parser handles this protocol violation improperly instead of throwing an immediate connection termination error, it triggers a internal processing crash, resulting in a remote denial of service (DoS) for applications utilizing libsoup WebSockets.

Metadata

CVE ID
CVE-2026-15711
State
PUBLISHED
Assigner
redhat
Reserved
2026-07-14 09:45 UTC
Published
2026-07-14 19:45 UTC
Last updated
2026-07-14 19:45 UTC
Primary CWE
CWE-770
Allocation of Resources Without Limits or Throttling
Vendor / Product
Red Hat / Red Hat Enterprise Linux 10
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products (5)
VendorProductPlatformVersions
Red Hat Red Hat Enterprise Linux 10
Red Hat Red Hat Enterprise Linux 6
Red Hat Red Hat Enterprise Linux 7
Red Hat Red Hat Enterprise Linux 8
Red Hat Red Hat Enterprise Linux 9
Weakness (CWE)
CWESourceDescription
CWE-770 cna Allocation of Resources Without Limits or Throttling
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Back to overview