🟠 High | Source: Microsoft Security Response Center
CVE-2026-15714 is an out-of-bounds read vulnerability in libsoup, a GNOME HTTP client/server library, triggered when processing an oversized multipart boundary string in the SoupMultipartInputStream component. An attacker could exploit this to read memory beyond intended boundaries, potentially leaking sensitive data or causing a crash. This affects Azure environments or workloads where libsoup is used as part of the HTTP processing stack.
Security Architect’s Take: Audit any Linux-based Azure workloads, containers, or services that depend on libsoup for HTTP multipart handling, and prioritise patching to the remediated version of libsoup. Consider implementing network-level controls to restrict untrusted multipart HTTP traffic until patches are applied.
Original advisory: CVE-2026-15714 Libsoup: soupmultipartinputstream: libsoup: out-of-bounds read in soup_multipart_input_stream_read_headers via an oversized multipart boundary string