CVE-2026-1801 — MEDIUM (5.3)

Vulnerability Description

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnome	Libsoup	-
Redhat	Enterprise Linux	6.0

Related Weaknesses (CWE)

CWE-444

References

https://access.redhat.com/security/cve/CVE-2026-1801Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2436315Issue TrackingVendor Advisory
https://gitlab.gnome.org/GNOME/libsoup/-/issues/481Issue Tracking

FAQ

What is CVE-2026-1801?

CVE-2026-1801 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where lib...

How severe is CVE-2026-1801?

CVE-2026-1801 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-1801?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Libsoup, Redhat Enterprise Linux.