Description
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.
Published: 2026-01-27
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: HTTP header injection that can cause a proxy to forward malicious requests
Action: Apply Patch
AI Analysis

Impact

The flaw resides in the libsoup HTTP client library, where URL-decoded data is used to build the Host header without proper CRLF sanitization. A maliciously crafted URL that contains carriage return and line feed characters can inject arbitrary HTTP headers or request bodies into the request that the proxy sends on. As a result, an attacker can trick the proxy into sending unauthorized or malformed traffic to backend services, potentially enabling unauthorized operations or leaking sensitive data. The vulnerability is classified as CWE-93 (improper neutralization of CRLF sequences), a weakness in input sanitization.
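How the defect class in this advisory arises, and what the fix in the recommended update has to accomplish, as an added C example that is not libsoup's code: the host component of a URL is percent-decoded and then checked against a strict allow-list before the Host line is assembled, so a decoded CR or LF (or a NUL, which would silently truncate a C string) causes the request to be refused instead of reaching the proxy. The function names, the 256-byte host limit and the sample inputs in main() are constructed for illustration.

```c
/* Added example (not libsoup code): build a Host header from a URL-decoded
 * host without letting CR/LF or other control bytes through. All inputs in
 * main() are constructed for illustration. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode src into dst (capacity dst_len). Fails on a truncated or
 * non-hex escape, on a decoded NUL (which would silently truncate the host
 * once it is treated as a C string), or when dst is too small. */
bool percent_decode(const char *src, char *dst, size_t dst_len)
{
    size_t n = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = src[i + 1] ? hexval((unsigned char)src[i + 2]) : -1;
            if (hi < 0 || lo < 0) return false;
            c = (unsigned char)(hi * 16 + lo);
            if (c == 0) return false;
            i += 2;
        }
        if (n + 1 >= dst_len) return false;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return true;
}

/* Allow-list for a decoded host[:port]: letters, digits, '-', '.', '_', '~',
 * ':' and the brackets of an IPv6 literal. Everything else, in particular
 * CR (0x0D), LF (0x0A), space and other control bytes, is rejected, so a
 * header boundary can never be smuggled into the Host line. */
bool host_is_safe(const char *host)
{
    if (host[0] == '\0') return false;
    for (const char *p = host; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (isalnum(c) || strchr("-._~:[]", c)) continue;
        return false;
    }
    return true;
}

/* Writes "Host: <decoded host>\r\n" into out. Returns false, leaving out
 * empty, when decoding fails or the decoded host fails validation. */
bool build_host_header(const char *encoded_host, char *out, size_t out_len)
{
    char host[256]; /* constructed limit for the example */
    if (out_len == 0) return false;
    out[0] = '\0';
    if (!percent_decode(encoded_host, host, sizeof host)) return false;
    if (!host_is_safe(host)) return false;
    int n = snprintf(out, out_len, "Host: %s\r\n", host);
    return n > 0 && (size_t)n < out_len;
}

int main(void)
{
    /* Constructed inputs: one benign host:port, one carrying an encoded CRLF. */
    const char *inputs[] = { "example.com:8443", "example.com%0d%0aX-Injected:%201" };
    char line[300];
    for (size_t i = 0; i < 2; i++) {
        if (build_host_header(inputs[i], line, sizeof line))
            printf("accepted: %s", line);
        else
            printf("rejected: %s\n", inputs[i]);
    }
    return 0;
}
```

The decisive design choice is to validate after decoding, not before: a check on the raw URL would pass `%0d%0a` as harmless ASCII, and the decoder would later turn it into the exact byte pair that terminates a header line. Failing closed on a bad escape or a decoded NUL matters for the same reason, since both are ways a string can mean one thing to the validator and another to the serializer.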

Affected Systems

Red Hat Enterprise Linux versions 6, 7, 8, 9 and 10 are affected through the bundled libsoup component. Exact library version numbers are not disclosed, and the vendor lists no minimum or maximum affected versions. The vulnerability applies to any configuration in which applications built on libsoup use an HTTP proxy.

Risk and Exploitability

The CVSS score of 5.8 indicates a medium severity impact. The EPSS probability of under 1% suggests that exploitation is unlikely at the current time, and the vulnerability is not among CISA's Known Exploited Vulnerabilities. The attack requires network access to the proxy and the ability to inject a specially crafted URL into a libsoup-handled request. If an attacker can supply such a URL, either directly to an application or through a web service, the proxy may forward forged requests to downstream hosts, potentially affecting the confidentiality, integrity, or availability of those services.

Generated by OpenCVE AI on April 16, 2026 at 07:18 UTC.

Remediation

Vendor Workaround

To mitigate this issue, avoid processing untrusted URLs in applications that use the libsoup library with an HTTP proxy configured. Restricting network access to the HTTP proxy can also limit potential exposure.


OpenCVE Recommended Actions

  • Apply the vendor's security update that fixes libsoup to a version that properly sanitizes CRLF characters
  • If a patch is not yet available, avoid processing untrusted URLs in applications that use libsoup with an HTTP proxy configured
  • Limit or restrict network access to the HTTP proxy so that only trusted hosts can reach it

Advisories
Source: Ubuntu USN
ID: USN-8020-1
Title: libsoup vulnerabilities
History

Wed, 25 Mar 2026 14:30:00 +0000

Type: First Time appeared
  Values Added: Gnome; Gnome libsoup
Type: CPEs
  Values Added:
    cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Type: Vendors & Products
  Values Added: Gnome; Gnome libsoup

Thu, 19 Mar 2026 14:30:00 +0000

Type: References

Wed, 28 Jan 2026 14:45:00 +0000

Type: Metrics cvssV3_1
  Values Removed: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}
  Values Added:   {'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N'}


Tue, 27 Jan 2026 17:15:00 +0000

Type: Metrics ssvc
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 27 Jan 2026 12:15:00 +0000

Type: References
Type: Metrics threat_severity
  Values Removed: None
  Values Added:   Moderate


Tue, 27 Jan 2026 09:30:00 +0000

Type: Description
  Values Added: A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.
Type: Title
  Values Added: Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured
Type: First Time appeared
  Values Added: Redhat; Redhat enterprise Linux
Type: Weaknesses
  Values Added: CWE-93
Type: CPEs
  Values Added:
    cpe:/o:redhat:enterprise_linux:10
    cpe:/o:redhat:enterprise_linux:6
    cpe:/o:redhat:enterprise_linux:7
    cpe:/o:redhat:enterprise_linux:8
    cpe:/o:redhat:enterprise_linux:9
Type: Vendors & Products
  Values Added: Redhat; Redhat enterprise Linux
Type: References
Type: Metrics cvssV3_1
  Values Added: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Subscriptions

Gnome Libsoup
Redhat Enterprise Linux
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-25T14:34:12.270Z

Reserved: 2026-01-27T08:07:32.077Z

Link: CVE-2026-1467

Vulnrichment

Updated: 2026-01-27T16:55:05.523Z

NVD

Status: Analyzed

Published: 2026-01-27T10:15:48.597

Modified: 2026-03-25T14:20:18.770

Link: CVE-2026-1467

Redhat

Severity: Moderate

Public Date: 2026-01-27T00:00:00Z

Links: CVE-2026-1467 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T07:30:28Z

Weaknesses