CVE-2026-12549
MEDIUM 4.8
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
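As an added illustration of the bug class the advisory describes (a constructed example, not the affected project's code), the snippet below contrasts a suffix-range resolver that relies on one general signed comparison with one that clamps the start as RFC 7233 section 2.1 requires; it also covers the plain first-last form so the two variants can be compared on the same parser. The function names, the regex and the sample inputs are assumptions.

```python
import re
from typing import Optional, Tuple

# Constructed: a single "bytes=first-last" / "bytes=-suffix" spec per header.
RANGE_RE = re.compile(r"^bytes=(\d*)-(\d*)$")


def resolve_range_unclamped(header: str, length: int) -> Optional[Tuple[int, int]]:
    """Buggy variant: one signed 'start > end' check replaces the specific
    overflow checks, so a suffix longer than the content leaves start < 0."""
    m = RANGE_RE.match(header)
    if not m or (m.group(1) == "" and m.group(2) == ""):
        return None
    first, last = m.group(1), m.group(2)
    if first == "":                          # suffix-byte-range-spec
        start = length - int(last)           # negative when suffix > length
        end = length - 1
    else:
        start = int(first)
        end = length - 1 if last == "" else min(int(last), length - 1)
    if start > end:                          # passes for negative start
        return None
    return (start, end)                      # (end - start + 1) > length


def resolve_range(header: str, length: int) -> Optional[Tuple[int, int]]:
    """Hardened variant: a suffix longer than the representation selects the
    whole representation; unsatisfiable ranges return None (HTTP 416)."""
    m = RANGE_RE.match(header)
    if not m or (m.group(1) == "" and m.group(2) == ""):
        return None
    first, last = m.group(1), m.group(2)
    if first == "":
        suffix = int(last)
        if suffix == 0:                      # bytes=-0 selects nothing
            return None
        start, end = max(0, length - suffix), length - 1
    else:
        start = int(first)
        if start >= length:                  # first-byte-pos past the end
            return None
        end = length - 1 if last == "" else min(int(last), length - 1)
        if end < start:
            return None
    return (start, end)


def content_range(rng: Tuple[int, int], length: int) -> str:
    """Build the Content-Range value for a satisfiable 206 response."""
    return f"bytes {rng[0]}-{rng[1]}/{length}"
```

Feeding the unclamped variant's result into `content_range` shows the malformed header the advisory refers to, while the clamped variant yields a valid `bytes 0-99/100`.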
Exploitation likelihood
0.3% chance of exploitation in 30 days · 23rd percentile
Impact if exploited
4.8 · CVSS 3.1 · MEDIUM
- Confidentiality: Low
- Integrity: None
- Availability: Low
What an attacker needs
- ✓ Access: Reachable over the network — no local access needed
- ✓ Privileges: No account or privileges required
- ✓ User interaction: No user interaction needed
- ⚠ Complexity: Needs a race window or specific setup
✓ lowers the bar for an attacker · ⚠ raises it
Affected
Vendors: Red Hat
Products: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10
Weakness (CWE)
- CWE-805: Buffer Access with Incorrect Length Value
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L