VYPR
Unrated severityNVD Advisory· Published Mar 17, 2026· Updated Mar 19, 2026

Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header

CVE-2026-3634

Description

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the soup_message_headers_set_content_type() function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Red Hat/Enterprise Linux Servercpe-rescue5 versions
    cpe:/o:redhat:enterprise_linux:10+ 4 more
    • cpe:/o:redhat:enterprise_linux:10
    • cpe:/o:redhat:enterprise_linux:6
    • cpe:/o:redhat:enterprise_linux:7
    • cpe:/o:redhat:enterprise_linux:8
    • cpe:/o:redhat:enterprise_linux:9

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.