Unrated severityNVD Advisory· Published Mar 17, 2026· Updated Mar 19, 2026
Libsoup: libsoup: header and http request injection via crlf injection
CVE-2026-3633
Description
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new() function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:/o:redhat:enterprise_linux:10+ 4 more
- cpe:/o:redhat:enterprise_linux:10
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
Patches
Vulnerability mechanics
References
3- access.redhat.com/security/cve/CVE-2026-3633mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
- gitlab.gnome.org/GNOME/libsoup/-/issues/484mitre
News mentions
0No linked articles in our index yet.