Unrated severity · NVD Advisory · Published Mar 17, 2026 · Updated Mar 19, 2026
Libsoup: libsoup: HTTP header injection and response splitting via CRLF injection in Content-Type header
CVE-2026-3634
Description
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the soup_message_headers_set_content_type() function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.
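A defensive check for the flaw described above, as an added example (not libsoup's code or its patch): it validates a media type and its parameters before they would be handed to soup_message_headers_set_content_type(). The helper names and sample values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* RFC 9110 token: one or more "tchar" (alphanumerics plus a fixed punctuation set). */
static bool is_token(const char *s, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '\0' || !(isalnum(c) || strchr("!#$%&'*+-.^_`|~", c))) return false;
    }
    return len > 0;
}

/* "type/subtype": both halves must be tokens, so CR, LF, space and ':' all fail. */
bool media_type_is_valid(const char *mt)
{
    const char *slash = mt ? strchr(mt, '/') : NULL;
    return slash && is_token(mt, (size_t)(slash - mt))
                 && is_token(slash + 1, strlen(slash + 1));
}

/* Parameter values: reject every control character except HTAB (covers CR and LF). */
bool param_value_is_safe(const char *v)
{
    if (!v) return false;
    for (; *v; v++)
        if (((unsigned char)*v < 0x20 && *v != '\t') || *v == 0x7f) return false;
    return true;
}

/* Hypothetical gate to run before calling soup_message_headers_set_content_type(). */
bool content_type_is_safe(const char *mt, const char *const params[][2], size_t n)
{
    if (!media_type_is_valid(mt)) return false;
    for (size_t i = 0; i < n; i++)
        if (!params[i][0] || !is_token(params[i][0], strlen(params[i][0]))
            || !param_value_is_safe(params[i][1])) return false;
    return true;
}

/* Constructed sample inputs, not taken from the advisory. */
static const char *const SAMPLE_OK[][2]  = { { "charset", "utf-8" } };
static const char *const SAMPLE_BAD[][2] = { { "charset", "utf-8\r\nX-Injected: 1" } };

int main(void)
{
    return content_type_is_safe("text/html", SAMPLE_OK, 1)
        && !content_type_is_safe("text/html", SAMPLE_BAD, 1) ? 0 : 1;
}
```

Rejecting the value outright, rather than stripping the CR/LF, avoids emitting a header the caller never intended.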
Affected products
- cpe:/o:redhat:enterprise_linux:10
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
References
- access.redhat.com/security/cve/CVE-2026-3634 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- gitlab.gnome.org/GNOME/libsoup/-/issues/485 (mitre)