VYPR
Unrated severityNVD Advisory· Published Mar 17, 2026· Updated Mar 19, 2026

Libsoup: libsoup: header and http request injection via crlf injection

CVE-2026-3633

Description

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new() function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Red Hat/Enterprise Linux Servercpe-rescue5 versions
    cpe:/o:redhat:enterprise_linux:10+ 4 more
    • cpe:/o:redhat:enterprise_linux:10
    • cpe:/o:redhat:enterprise_linux:6
    • cpe:/o:redhat:enterprise_linux:7
    • cpe:/o:redhat:enterprise_linux:8
    • cpe:/o:redhat:enterprise_linux:9

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.