Description
A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a non-libsoup backend server. Successful exploitation can allow an attacker to bypass security controls, poison web caches, or gain unauthorized access.
Published: 2026-05-29
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

libsoup, a library used in many Red Hat Enterprise Linux distributions, contains an unsigned-to-signed conversion error in the function soup_body_input_stream_read_chunked(). When a malicious HTTP request is processed under certain proxy configurations, this error can be exploited for HTTP request smuggling, allowing an attacker to bypass existing security controls, poison web caches or gain unauthorized access. The weakness is tracked as CWE-444 (HTTP request smuggling).

Affected Systems

Red Hat Enterprise Linux 6 through 10 are affected because the vulnerability resides in the version of libsoup bundled with these OS releases. Any systems running these distributions with the default libsoup implementation are potentially impacted.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity, and no publicly available exploit probability metric is reported. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, which suggests it has not yet been widely exploited. The likely attack vector is a remote attacker sending crafted HTTP requests through a non-libsoup proxy, or to a libsoup instance positioned as a proxy in front of a non-libsoup backend, leading to request smuggling. While the impact is limited to bypassing controls, cache poisoning, or unauthorized access, the absence of a high severity rating and of exploit data means the risk is moderate, provided the system topology matches the described scenario.

Generated by OpenCVE AI on May 29, 2026 at 07:51 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the libsoup package to a version that includes the fix for CVE-2026-6324.
  • Configure network segmentation or firewall rules to isolate non-libsoup proxy traffic and block malicious request vectors.
  • Review proxy configurations to ensure libsoup is not positioned as a proxy in front of non-libsoup backend services; consider using a dedicated proxy instead or disabling proxy mode altogether.


Advisories

No advisories yet.

History

Fri, 29 May 2026 15:30:00 +0000

Type         Values Removed   Values Added
References
Metrics                       ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 May 2026 06:30:00 +0000

Type                 Values Removed   Values Added
Description                           A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a non-libsoup backend server. Successful exploitation can allow an attacker to bypass security controls, poison web caches, or gain unauthorized access.
Title                                 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
First Time appeared                   Redhat
                                      Redhat enterprise Linux
Weaknesses                            CWE-444
CPEs                                  cpe:/o:redhat:enterprise_linux:10
                                      cpe:/o:redhat:enterprise_linux:6
                                      cpe:/o:redhat:enterprise_linux:7
                                      cpe:/o:redhat:enterprise_linux:8
                                      cpe:/o:redhat:enterprise_linux:9
Vendors & Products                    Redhat
                                      Redhat enterprise Linux
References
Metrics                               cvssV3_1: {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-29T14:01:04.526Z

Reserved: 2026-04-14T20:50:53.403Z

Link: CVE-2026-6324

Vulnrichment

Updated: 2026-05-29T14:00:59.497Z

NVD

Status: Awaiting Analysis

Published: 2026-05-29T07:16:14.327

Modified: 2026-05-29T15:16:25.023

Link: CVE-2026-6324

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T08:00:06Z

Weaknesses