VYPR
Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Mar 25, 2026

Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header

CVE-2026-1536

Description

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

24

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.