Description
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.
Published: 2026-02-02
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

This vulnerability is an HTTP request smuggling flaw caused by improper handling of requests that combine the Transfer-Encoding: chunked and Connection: keep-alive headers. An attacker can send crafted requests after which SoupServer does not close the connection as required, allowing further requests to be smuggled over the persistent connection. The result is unintended request processing and a potential denial of service condition. The weakness corresponds to CWE-444 (Inconsistent Interpretation of HTTP Requests).

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, 9, and 10. The flaw exists in the libsoup component shipped with these distributions.

Risk and Exploitability

The CVSS score is 5.3 (moderate severity), while the EPSS score is below 1%, indicating a very low estimated probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. A remote, unauthenticated client can trigger the flaw from outside the network by sending HTTP requests that combine the Transfer-Encoding: chunked and Connection: keep-alive headers. Because the flaw is triggered through ordinary HTTP traffic, the attack is feasible over standard HTTP connections, but it requires crafted requests and knowledge of the header pattern involved.

Generated by OpenCVE AI on April 16, 2026 at 07:06 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Install the latest security updates for Red Hat Enterprise Linux that include the fixed libSoup package as soon as they become available.
  • Configure your web server or a reverse proxy to reject or close connections that include both Transfer-Encoding: chunked and Connection: keep-alive headers, or otherwise validate HTTP request headers before forwarding them.
  • Enable detailed HTTP logging and monitor the logs for repeated Transfer-Encoding: chunked requests or malformed connections, and alert on potential smuggling attempts.
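The header validation in the second and third recommended actions, written out as an added example (this is not code from OpenCVE, Red Hat or the libsoup project): a small Python filter that parses an HTTP/1.1 request head and rejects the header combination named in the advisory. It goes slightly beyond the page by also rejecting two generic smuggling indicators defined in RFC 9112 (a Transfer-Encoding whose final coding is not chunked, and Transfer-Encoding combined with Content-Length). The sample requests are constructed, and the function names and the allow/reject policy are assumptions of this example.

```python
"""Request-head policy check for the libsoup smuggling advisory (added example)."""
from __future__ import annotations

# Constructed sample request heads; none of these are taken from the advisory.
SAMPLE_REQUESTS: dict[str, bytes] = {
    "chunked_keepalive": (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
                          b"Transfer-Encoding: Chunked\r\nConnection: Keep-Alive\r\n\r\n"),
    "plain_keepalive": (b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n"
                        b"Connection: keep-alive\r\n\r\n"),
    "chunked_not_final": (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
                          b"Transfer-Encoding: chunked, gzip\r\n\r\n"),
    "te_and_cl": (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
                  b"Transfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n"),
    "chunked_close": (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
                      b"Transfer-Encoding: chunked\r\nConnection: close\r\n\r\n"),
}


def parse_request_head(raw: bytes) -> tuple[str, dict[str, list[str]]]:
    """Split a request head into the request line and a name -> values map.

    Header names are lower-cased (they are case-insensitive); each occurrence
    of a header keeps its own value so repeated headers are not silently merged.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    request_line, headers = lines[0], {}
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            # Obsolete line folding: RFC 9112 section 5.2 lets a server reject it,
            # and rejecting is the safer choice for a filter in front of a parser.
            raise ValueError("obsolete line folding is not accepted")
        name, sep, value = line.partition(":")
        # RFC 9112 forbids whitespace between the field name and the colon.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    return request_line, headers


def list_tokens(headers: dict[str, list[str]], name: str) -> list[str]:
    """Lower-cased comma-separated tokens of a list-valued header, across all occurrences."""
    tokens: list[str] = []
    for value in headers.get(name, []):
        tokens.extend(t.strip().lower() for t in value.split(",") if t.strip())
    return tokens


def decide(raw: bytes) -> tuple[str, str]:
    """Return ('allow' | 'reject', reason) for one request head.

    The 'reject' outcomes are the ones the advisory workaround asks for, plus two
    generic smuggling indicators from RFC 9112 (assumed policy of this example).
    """
    _, headers = parse_request_head(raw)
    te = list_tokens(headers, "transfer-encoding")
    conn = list_tokens(headers, "connection")
    if te and te[-1] != "chunked":
        # RFC 9112 section 6.1: body length is unreliable, respond 400 and close.
        return "reject", "chunked is not the final transfer coding"
    if te and "content-length" in headers:
        # RFC 9112 section 6.3: both framing headers present may indicate smuggling.
        return "reject", "Transfer-Encoding and Content-Length both present"
    if "chunked" in te and "keep-alive" in conn:
        # The combination named in the advisory's recommended workaround.
        return "reject", "chunked body on an explicit keep-alive connection"
    return "allow", "no smuggling indicators"


def triage(samples: dict[str, bytes]) -> dict[str, str]:
    """Apply decide() to a batch of request heads, e.g. replayed from access logs."""
    return {name: decide(raw)[0] for name, raw in samples.items()}


if __name__ == "__main__":
    for name, raw in SAMPLE_REQUESTS.items():
        verdict, reason = decide(raw)
        print(f"{name:20s} {verdict:7s} {reason}")
```

Note that HTTP/1.1 connections are persistent by default, so a client that sends Transfer-Encoding: chunked without any Connection header is still on a keep-alive connection; a deployment that wants the strict reading of the workaround can treat an absent Connection header as keep-alive, at the cost of rejecting ordinary chunked uploads from legitimate HTTP/1.1 clients. Closing the connection after the response (rather than rejecting the request) is the gentler alternative the same recommendation offers.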

Tracking

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:45:00 +0000

Type: References
  Values Removed: (none listed)
  Values Added: (none listed)

Tue, 03 Feb 2026 00:15:00 +0000

Type: References
  Values Removed: (none listed)
  Values Added: (none listed)
Type: Metrics
  Values Removed: threat_severity = None
  Values Added: threat_severity = Moderate


Mon, 02 Feb 2026 18:15:00 +0000

Type: Metrics
  Values Added: ssvc = {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Feb 2026 14:15:00 +0000

Type: Description
  Values Added: A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.
Type: Title
  Values Added: Libsoup: soupserver: denial of service via http request smuggling
Type: First Time appeared
  Values Added: Redhat; Redhat enterprise Linux
Type: Weaknesses
  Values Added: CWE-444
Type: CPEs
  Values Added:
    cpe:/o:redhat:enterprise_linux:10
    cpe:/o:redhat:enterprise_linux:6
    cpe:/o:redhat:enterprise_linux:7
    cpe:/o:redhat:enterprise_linux:8
    cpe:/o:redhat:enterprise_linux:9
Type: Vendors & Products
  Values Added: Redhat; Redhat enterprise Linux
Type: References
  Values Added: (none listed)
Type: Metrics
  Values Added: cvssV3_1 = {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-19T14:20:22.488Z

Reserved: 2026-02-02T12:25:23.985Z

Link: CVE-2026-1760

Vulnrichment

Updated: 2026-02-02T17:29:50.372Z

NVD

Status : Deferred

Published: 2026-02-02T14:16:34.483

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1760

Redhat

Severity : Moderate

Public Date: 2026-02-02T00:00:00Z

Links: CVE-2026-1760 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T07:15:28Z

Weaknesses