Description
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.
Published: 2026-03-17
Score: 3.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: HTTP Header Injection / Response Splitting
Action: Assess Impact
AI Analysis

Impact

A flaw in the libsoup library allows an attacker who can influence the value passed to `soup_message_headers_set_content_type()` to embed a CRLF sequence, because the function did not sanitize its input. When the headers are serialized, the injected CRLF terminates the Content-Type line and the remaining attacker-supplied text becomes additional, arbitrary header lines (and, after a second CRLF pair, a message body), which is the basis of HTTP header injection and response splitting. The weakness is classified as CWE-93 (Improper Neutralization of CRLF Sequences). libsoup is used both as an HTTP client (SoupSession) and as a server (SoupServer), so the affected headers may belong to an outgoing request or an outgoing response, depending on how the application uses the library.

Affected Systems

The CPE data lists upstream GNOME libsoup (no version given) and Red Hat Enterprise Linux 6 through 10. No fixed version is cited, so any system that links against a libsoup build without the fix should be treated as potentially affected; on RHEL that covers every release from 6 to 10 carrying an unpatched libsoup package.

Risk and Exploitability

The CVSS 3.1 base score of 3.9 (vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L) rates the issue Low: it is reachable over the network, but the vector assumes high attack complexity, high privileges and user interaction, with only limited impact on confidentiality, integrity and availability. Red Hat's own threat severity rating is Moderate. The EPSS exploitation probability is under 1%, the SSVC enrichment records Exploitation as "poc" and Automatable as "no", and the issue is not in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires an application that forwards user-controlled or otherwise untrusted content-type values to `soup_message_headers_set_content_type()`; the attacker then supplies a value containing CR/LF and alters the structure of the generated HTTP headers.

Generated by OpenCVE AI on April 17, 2026 at 11:34 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Apply Red Hat patches or newer libsoup releases that address this issue as they become available
  • Reject content-type values that contain CR, LF or any other control character before they are passed to `soup_message_headers_set_content_type()`; mapping untrusted input to a fixed list of allowed media types is safer than trying to sanitize it
  • Do not let user input determine the Content-Type header directly; derive the header from trusted, application-chosen values
  • No Red Hat-approved workaround is available; current alternatives do not meet Red Hat's security criteria

Generated by OpenCVE AI on April 17, 2026 at 11:34 UTC.
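The following C program is an added, self-contained example written for this page; it is not libsoup's code and does not come from Red Hat or OpenCVE. It does not link against libsoup. `write_response_unchecked()` is a hypothetical stand-in for an application that serializes a Content-Type value verbatim, the behaviour the unpatched `soup_message_headers_set_content_type()` path permits; `content_type_is_safe()` is the kind of pre-check the recommended actions above call for, applied before any header-setting call. It shows both outcomes described in the Impact section: an injected extra header, and a full response split where attacker text becomes the body. All inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RESP 1024

/* Hypothetical stand-in for the application + library serialisation path:
 * writes a status line, a Content-Type header taken verbatim from the
 * caller (as the unpatched call would allow), and a Content-Length header. */
static size_t write_response_unchecked(const char *content_type, char *out, size_t cap)
{
    int n = snprintf(out, cap,
                     "HTTP/1.1 200 OK\r\nContent-Type: %s\r\nContent-Length: 0\r\n\r\n",
                     content_type);
    return n < 0 ? 0 : (size_t)n;
}

/* Field-value check in the spirit of RFC 9110: CR, LF, NUL, DEL and the
 * other C0 controls are never legal in a header value (HTAB is).
 * Returns 1 if the value is safe to place in a header, 0 otherwise. */
int content_type_is_safe(const char *value)
{
    if (value == NULL || *value == '\0')
        return 0;
    for (const unsigned char *p = (const unsigned char *)value; *p; p++) {
        if (*p == '\r' || *p == '\n' || *p == 0x7f)
            return 0;
        if (*p < 0x20 && *p != '\t')
            return 0;
    }
    return 1;
}

/* Hardened path: refuse to serialise rather than emit a split message.
 * Returns 0 so the caller can fall back to a fixed default media type. */
static size_t write_response_checked(const char *content_type, char *out, size_t cap)
{
    if (!content_type_is_safe(content_type))
        return 0;
    return write_response_unchecked(content_type, out, cap);
}

/* What a receiving parser sees: every CRLF-terminated line after the
 * status line and before the first blank line is its own header. */
static int count_header_lines(const char *resp)
{
    const char *p = strstr(resp, "\r\n");
    int count = 0;
    if (p == NULL)
        return 0;
    p += 2;
    while (*p != '\0' && strncmp(p, "\r\n", 2) != 0) {
        const char *end = strstr(p, "\r\n");
        count++;
        if (end == NULL)
            break;
        p = end + 2;
    }
    return count;
}

/* Header lines the unchecked path produces for a given value. */
int header_lines_unchecked(const char *content_type)
{
    char buf[MAX_RESP];
    write_response_unchecked(content_type, buf, sizeof buf);
    return count_header_lines(buf);
}

/* Header lines the checked path produces, or -1 if the value was rejected. */
int header_lines_checked(const char *content_type)
{
    char buf[MAX_RESP];
    if (write_response_checked(content_type, buf, sizeof buf) == 0)
        return -1;
    return count_header_lines(buf);
}

/* 1 if the unchecked response's body (text after the first blank line)
 * begins with `prefix`, i.e. the attacker supplied the body: response splitting. */
int unchecked_body_starts_with(const char *content_type, const char *prefix)
{
    char buf[MAX_RESP];
    const char *body;
    write_response_unchecked(content_type, buf, sizeof buf);
    body = strstr(buf, "\r\n\r\n");
    return body != NULL && strncmp(body + 4, prefix, strlen(prefix)) == 0;
}

int main(void)
{
    /* Constructed attacker-controlled values, not taken from real traffic. */
    const char *inject = "text/html\r\nSet-Cookie: session=attacker";
    const char *split  = "text/html\r\n\r\n<html>injected</html>";

    printf("unchecked, header injection: %d header lines\n", header_lines_unchecked(inject));
    printf("unchecked, response split:   %d header lines, attacker-supplied body: %d\n",
           header_lines_unchecked(split), unchecked_body_starts_with(split, "<html>"));
    printf("checked, injection attempt:  %d (rejected)\n", header_lines_checked(inject));
    printf("checked, clean value:        %d header lines\n",
           header_lines_checked("text/html; charset=utf-8"));
    return 0;
}
```

Build with `cc -std=c99 -Wall crlf_demo.c -o crlf_demo && ./crlf_demo`. The unchecked path turns one Content-Type value into three header lines in the first case and into a one-header message with an attacker-chosen body in the second; the checked path rejects both and passes the clean value through unchanged. Rejecting the value outright, rather than stripping CR/LF, avoids the class of bugs where a sanitizer and a parser disagree about which bytes count as line terminators.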

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 20:00:00 +0000

First Time appeared
  Added: Gnome; Gnome libsoup
CPEs
  Added: cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
         cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
         cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
         cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
         cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
         cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products
  Added: Gnome; Gnome libsoup

Tue, 17 Mar 2026 13:15:00 +0000

Metrics
  Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 10:00:00 +0000

Description
  Removed: No description is available for this CVE.
  Added:   A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.
Title
  Removed: libsoup: libsoup: HTTP header injection and response splitting via CRLF injection in Content-Type header
  Added:   Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header
First Time appeared
  Added:   Redhat; Redhat enterprise Linux
CPEs
  Added:   cpe:/o:redhat:enterprise_linux:10
           cpe:/o:redhat:enterprise_linux:6
           cpe:/o:redhat:enterprise_linux:7
           cpe:/o:redhat:enterprise_linux:8
           cpe:/o:redhat:enterprise_linux:9
Vendors & Products
  Added:   Redhat; Redhat enterprise Linux
References

Mon, 09 Mar 2026 10:15:00 +0000

First Time appeared
  Added: Libsoup; Libsoup libsoup
Vendors & Products
  Added: Libsoup; Libsoup libsoup

Fri, 06 Mar 2026 12:15:00 +0000

Description
  Added: No description is available for this CVE.
Title
  Added: libsoup: libsoup: HTTP header injection and response splitting via CRLF injection in Content-Type header
Weaknesses
  Added: CWE-93
References
Metrics
  threat_severity  Removed: None    Added: Moderate
  cvssV3_1         Added: {'score': 3.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-19T20:55:36.678Z

Reserved: 2026-03-06T08:03:35.024Z

Link: CVE-2026-3634

Vulnrichment

Updated: 2026-03-17T13:02:58.442Z

NVD

Status : Analyzed

Published: 2026-03-17T10:16:00.860

Modified: 2026-03-19T19:52:33.170

Link: CVE-2026-3634

Redhat

Severity : Moderate

Public Date: 2026-03-06T05:05:00Z

Links: CVE-2026-3634 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T11:45:06Z

Weaknesses