Unrated severity · NVD Advisory · Published Feb 3, 2026 · Updated Mar 26, 2026
Libsoup: libsoup: http request smuggling via malformed chunk headers
CVE-2026-1801
Description
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.
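Added example, not libsoup's code and not part of the advisory: a strict chunk-framing check in C that rejects the lone-LF chunk header the description mentions, next to a lenient mode that accepts it. The function names, the 8-digit size limit, and the sample bodies are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not libsoup code. Consumes one line terminator at *p.
 * strict=1: only CRLF is accepted. strict=0: a lone LF is accepted too,
 * which is the lenient behaviour the advisory describes. */
static int eol(const char *b, size_t len, size_t *p, int strict)
{
    if (*p + 1 < len && b[*p] == '\r' && b[*p + 1] == '\n') { *p += 2; return 0; }
    if (!strict && *p < len && b[*p] == '\n') { *p += 1; return 0; }
    return -1;
}

/* Returns the number of data chunks, or -1 on malformed framing.
 * Assumption: chunk extensions and trailers are rejected to keep this short. */
int count_chunks(const char *b, size_t len, int strict)
{
    size_t p = 0;
    int chunks = 0;
    for (;;) {
        size_t size = 0, digits = 0;
        /* chunk-size: 1 to 8 hex digits, no sign or whitespace */
        while (p < len && digits < 8 && isxdigit((unsigned char)b[p])) {
            int c = tolower((unsigned char)b[p++]);
            size = size * 16 + (size_t)(c <= '9' ? c - '0' : c - 'a' + 10);
            digits++;
        }
        if (digits == 0 || eol(b, len, &p, strict) != 0)
            return -1;
        if (size == 0)  /* last-chunk: one more terminator, then end of body */
            return (eol(b, len, &p, strict) == 0 && p == len) ? chunks : -1;
        if (size > len - p)
            return -1;  /* declared size runs past the buffer */
        p += size;
        if (eol(b, len, &p, strict) != 0)  /* terminator after chunk data */
            return -1;
        chunks++;
    }
}
/* Constructed sample bodies: identical except for the first line ending. */
static const char GOOD[] = "5\r\nhello\r\n0\r\n\r\n";
static const char BARE_LF[] = "5\nhello\r\n0\r\n\r\n";
int main(void)
{
    printf("strict:  good=%d bare_lf=%d\n", count_chunks(GOOD, sizeof GOOD - 1, 1), count_chunks(BARE_LF, sizeof BARE_LF - 1, 1));
    printf("lenient: good=%d bare_lf=%d\n", count_chunks(GOOD, sizeof GOOD - 1, 0), count_chunks(BARE_LF, sizeof BARE_LF - 1, 0));
    return 0;
}
```

Two HTTP hops that return different results for the same body (here -1 in strict mode, 1 in lenient mode) disagree on where a message ends; rejecting the bare-LF form at the first hop removes that disagreement.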
Affected products
- cpe:/o:redhat:enterprise_linux:10
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
- osv-coords (6 versions):
  - pkg:rpm/opensuse/libsoup2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.0
  - pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.1
- (no CPE) range: < 2.74.3-21.1
- (no CPE) range: < 3.4.4-150600.3.47.1
- (no CPE) range: < 3.4.4-150600.3.47.1
- (no CPE) range: < 3.4.4-150600.3.47.1
- (no CPE) range: < 3.4.2-16.1
- (no CPE) range: < 3.4.4-slfo.1.1_10.1
References
- access.redhat.com/security/cve/CVE-2026-1801 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- gitlab.gnome.org/GNOME/libsoup/-/issues/481 (mitre)