ByteOS Network

NVD Vulnerability Details :

CVE-2026-12549

Awaiting Analysis

Source-secalert@redhat.com

Published At-22 Jun, 2026 | 16:16

Updated At-23 Jun, 2026 | 15:16

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
			N/A

Type: Secondary

Version: 3.1

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Type: N/A

Version:

Base score:

Base severity: N/A

Vector:

Weaknesses

CWE ID	Type	Source
CWE-805	Secondary	secalert@redhat.com

CWE ID: CWE-805

Type: Secondary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/security/cve/CVE-2026-12549	secalert@redhat.com	N/A
https://access.redhat.com/security/cve/cve-2026-0716	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2489999	secalert@redhat.com	N/A
https://gitlab.gnome.org/GNOME/libsoup/-/work_items/516	secalert@redhat.com	N/A