Vulnerability in Red Hat Enterprise Linux 10
CVE-2026-15709
A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop (inflate()) processes data in chunks without enforcing an upper boundary limit on the output buffer size…
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
- secalert@redhat.com
Frequently asked questions
- What is CVE-2026-15709?
- CVE-2026-15709 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under Improper Handling of Highly Compressed Data (Data Amplification). CVSS score: 7.5/10. Published 2026-07-14.
- How severe is CVE-2026-15709?
- High severity. CVSS v3 base score is 7.5 out of 10.