← voltar
CVE-2026-3633

Libsoup: libsoup: header and http request injection via crlf injection

CVSS 3.9 LOWEPSS 0.2%CWE-93
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 3.9EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
17 mar 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection.
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Produtos afetados
Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/security/cve/CVE-2026-3633https://bugzilla.redhat.com/show_bug.cgi?id=2445128https://gitlab.gnome.org/GNOME/libsoup/-/issues/484