🟠 High | Source: Microsoft Security Response Center
CVE-2026-15713 is a vulnerability in libsoup, an HTTP client/server library, where improper handling of HTTP/2 frame window management causes a memory leak that can be exploited remotely to exhaust available memory and crash the service. An attacker does not need authentication to trigger the denial of service condition. This affects Azure workloads and services that depend on libsoup for HTTP/2 communications.
Security Architect’s Take: Identify any Azure-hosted Linux workloads or containerised applications using libsoup and prioritise patching to the remediated version; additionally, consider placing rate-limiting and HTTP/2 connection controls at your WAF or ingress layer to reduce exposure in the interim.
Original advisory: CVE-2026-15713 Libsoup: soupcache: libsoup: http/2 frame window exhaustion remote denial of service via memory leak