CVE-2026-1801

EPSS 0.03%
Veröffentlicht 03.02.2026 20:12:21
Zuletzt bearbeitet 26.03.2026 18:02:05
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Libsoup: libsoup: http request smuggling via malformed chunk headers

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnome ≫ Libsoup Version-

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.084

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
secalert@redhat.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://access.redhat.com/security/cve/CVE-2026-1801

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2436315

Vendor Advisory

Issue Tracking

https://gitlab.gnome.org/GNOME/libsoup/-/issues/481

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-1801

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1801

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1801

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1801