Description
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction.
Published: 2026-01-28
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: HTTP header injection and response splitting
Action: Patch promptly
AI Analysis

Impact

libsoup, the HTTP client and server library used by a variety of Linux applications, contains a flaw that permits an attacker capable of controlling the Content-Disposition header to embed CRLF (Carriage Return Line Feed) sequences. Those sequences are interpreted literally when the HTTP request or response is assembled, effectively allowing the attacker to inject arbitrary HTTP headers. This vulnerability can lead to HTTP header injection and HTTP response splitting without requiring authentication or user interaction.

Affected Systems

The affected software is distributed with Red Hat Enterprise Linux 6, 7, 8, 9 and 10, as well as with the GNOME libsoup library on other operating systems. No specific version ranges are listed, so any installation that includes the vulnerable libsoup code remains affected until a fix is applied.

Risk and Exploitability

The CVSS v3.1 score of 5.8 indicates a medium-severity issue, while the EPSS score of less than 1% suggests a very low probability of automated exploitation at present. The vulnerability is not listed in CISA's KEV catalog. The attack vector is inferred to be network-based because the attacker only needs to supply a malicious Content-Disposition header in a request or response; no authentication or prior user interaction is required. Exploitation would involve transmitting a crafted header that contains CRLF sequences, which a server or client using the vulnerable libsoup implementation will accept unfiltered.

Generated by OpenCVE AI on April 18, 2026 at 01:43 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.


OpenCVE Recommended Actions

  • Apply the vendor-issued security update that removes the CRLF injection flaw from libsoup.
  • Upgrade Red Hat Enterprise Linux to the latest supported release or apply a customer-maintenance package that contains the fixed libsoup component.
  • If a patch cannot be applied immediately, implement input validation to strip or encode CRLF characters from any Content-Disposition header values before they are passed to libsoup.

Generated by OpenCVE AI on April 18, 2026 at 01:43 UTC.
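
The third recommended action (validate or encode Content-Disposition values before they reach libsoup), shown as an added example in plain C that is not code from libsoup, Red Hat or OpenCVE: header_value_is_safe rejects any value that is not a legal HTTP field-value under RFC 9110, and build_content_disposition percent-encodes a filename per RFC 8187 so CR and LF can never terminate the header line. Both function names and the sample inputs are constructed for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Returns true if every byte is a legal HTTP field-value octet
 * (RFC 9110 section 5.5: VCHAR, SP, HTAB, obs-text). CR, LF and all
 * other control characters are rejected, so an accepted value can
 * never end the header line it is written on. Gate caller input here. */
bool header_value_is_safe(const char *value)
{
    for (const unsigned char *p = (const unsigned char *)value; *p; p++) {
        if (*p == '\r' || *p == '\n')        /* the CRLF injection case */
            return false;
        if (*p < 0x20 && *p != '\t')         /* other C0 controls */
            return false;
        if (*p == 0x7f)                      /* DEL */
            return false;
    }
    return true;
}

/* Encoding alternative: writes "attachment; filename*=UTF-8''<value>"
 * into out, percent-encoding every byte outside RFC 8187 attr-char.
 * CR and LF become %0D and %0A, so the result is always a safe value.
 * Returns the length written, or -1 if out is too small. */
int build_content_disposition(const char *filename, char *out, size_t outlen)
{
    static const char attr_char[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
        "0123456789!#$&+-.^_`|~";
    static const char prefix[] = "attachment; filename*=UTF-8''";
    size_t n = strlen(prefix);
    if (n >= outlen)
        return -1;
    memcpy(out, prefix, n);
    for (const unsigned char *p = (const unsigned char *)filename; *p; p++) {
        if (strchr(attr_char, *p)) {         /* *p != 0, so no NUL match */
            if (n + 1 >= outlen)
                return -1;
            out[n++] = (char)*p;
        } else {
            if (n + 3 >= outlen)
                return -1;
            n += (size_t)snprintf(out + n, 4, "%%%02X", *p);
        }
    }
    out[n] = '\0';
    return (int)n;
}
```

Run the validator on every externally supplied value, or use the encoder for filenames; either way the value handed to libsoup can no longer contain a line break.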


Advisories

  Source: Ubuntu USN
  ID: USN-8020-1
  Title: libsoup vulnerabilities
History

Wed, 25 Mar 2026 14:15:00 +0000

  First Time appeared (values added): Gnome; Gnome libsoup
  CPEs (values added):
    cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  Vendors & Products (values added): Gnome; Gnome libsoup

Thu, 19 Mar 2026 14:30:00 +0000

  References (changed; values not shown)

Thu, 29 Jan 2026 00:15:00 +0000

  References (changed; values not shown)
  Metrics threat_severity: None (removed) -> Moderate (added)

Wed, 28 Jan 2026 16:15:00 +0000

  Metrics ssvc (values added):
    {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 28 Jan 2026 15:30:00 +0000

  Description (values added): identical to the Description at the top of this page
  Title (values added): Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header
  First Time appeared (values added): Redhat; Redhat enterprise Linux
  Weaknesses (values added): CWE-93
  CPEs (values added):
    cpe:/o:redhat:enterprise_linux:10
    cpe:/o:redhat:enterprise_linux:6
    cpe:/o:redhat:enterprise_linux:7
    cpe:/o:redhat:enterprise_linux:8
    cpe:/o:redhat:enterprise_linux:9
  Vendors & Products (values added): Redhat; Redhat enterprise Linux
  References (changed; values not shown)
  Metrics cvssV3_1 (values added):
    {'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N'}

MITRE
  Status: PUBLISHED
  Assigner: redhat
  Published:
  Updated: 2026-03-25T14:21:34.319Z
  Reserved: 2026-01-28T13:49:51.550Z
  Link: CVE-2026-1536

Vulnrichment
  Updated: 2026-01-28T16:10:10.737Z

NVD
  Status: Analyzed
  Published: 2026-01-28T16:16:16.540
  Modified: 2026-03-25T14:14:38.660
  Link: CVE-2026-1536

Redhat
  Severity: Moderate
  Public Date: 2026-01-28T00:00:00Z
  Links: CVE-2026-1536 - Bugzilla

OpenCVE Enrichment
  Updated: 2026-04-18T01:45:33Z

Weaknesses