Search CVE reports


Toggle filters

11 – 20 of 59 results


CVE-2026-3634

Medium priority
Vulnerable

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
libsoup3 Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-3633

Medium priority
Vulnerable

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
libsoup3 Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-3632

Medium priority
Vulnerable

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
libsoup3 Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-3099

Low priority
Vulnerable

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
libsoup3 Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-2443

Medium priority
Needs evaluation

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations,...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2026-1801

Medium priority
Needs evaluation

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2026-1761

Medium priority
Needs evaluation

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2026-1760

Medium priority
Needs evaluation

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libsoup3 Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2026-1539

Medium priority

Some fixes available 3 of 10

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
libsoup3 Not affected Fixed Fixed
Show less packages

CVE-2026-1536

Medium priority

Some fixes available 3 of 10

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when...

2 affected packages

libsoup2.4, libsoup3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libsoup2.4 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
libsoup3 Not affected Fixed Fixed
Show less packages