CVE-2026-1801
HTTP Request Smuggling in Libsoup Enables Remote Information Disclosure
Publication date: 2026-02-03
Last updated on: 2026-03-26
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| gnome | libsoup | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-444 | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in libsoup allows HTTP Request Smuggling, which can potentially lead to information disclosure. Such unauthorized information disclosure could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data.
However, the overall impact is considered limited because the affected component (SoupServer) is not commonly deployed in internet-facing infrastructure, reducing the likelihood of exploitation in environments subject to these regulations.
Can you explain this vulnerability to me?
CVE-2026-1801 is a security vulnerability in libsoup, an HTTP client/server library. It involves HTTP Request Smuggling caused by improper parsing of chunked HTTP requests. Specifically, libsoup's function soup_filter_input_stream_read_line() accepts malformed chunk headers, such as lone line feed (LF) characters, instead of the required carriage return and line feed (CRLF) sequence mandated by RFC 9112. This flaw allows a remote attacker to send specially crafted chunked requests that cause libsoup to parse and process multiple HTTP requests from a single network message. [1]
How can this vulnerability impact me?
This vulnerability can be exploited remotely without authentication or user interaction by sending specially crafted chunked HTTP requests. It enables HTTP Request Smuggling attacks, which may lead to information disclosure. However, the overall impact is considered limited because the affected component, SoupServer, is not commonly deployed in internet-facing infrastructure.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves HTTP Request Smuggling via malformed chunk headers, specifically where libsoup accepts lone LF characters instead of the required CRLF sequence. Detection would involve monitoring HTTP traffic for malformed chunked requests that do not comply with RFC 9112.

You can use network traffic analysis tools such as Wireshark or tcpdump to capture HTTP requests and inspect chunked transfer encoding headers for anomalies like lone LF characters.

- Use tcpdump to capture HTTP traffic on port 80 or 443: tcpdump -i <interface> -A 'tcp port 80 or 443'
- Use Wireshark to filter HTTP requests and manually inspect chunked headers for malformed CRLF sequences.
- Use custom scripts or tools that parse HTTP chunked requests to detect non-RFC-compliant chunk headers, such as lone LF characters. [1]
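One way to implement the custom-script check from the detection answer above, as an added example that is not part of the original page or of libsoup: it walks the chunk framing of a request and reports every line terminator that is a lone LF rather than CRLF. The function names and the sample requests are constructed for illustration, and the input is assumed to be one reassembled, plaintext HTTP/1.1 request (captured before TLS or after TLS termination).

```python
import re

HEX = re.compile(rb"[0-9A-Fa-f]+")

def is_chunked(head: bytes) -> bool:
    """True if the final Transfer-Encoding coding in the header block is chunked."""
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"transfer-encoding":
            return value.lower().split(b",")[-1].strip() == b"chunked"
    return False

def audit_chunked_body(body: bytes) -> list:
    """Walk chunk framing leniently (LF ends a line) and report each terminator
    that is not CRLF as (byte offset in body, description)."""
    findings, pos = [], 0
    while True:
        lf = body.find(b"\n", pos)
        if lf == -1:
            break                                  # truncated capture
        bare = lf == pos or body[lf - 1:lf] != b"\r"
        token = body[pos:lf].rstrip(b"\r").split(b";", 1)[0].strip()
        if not HEX.fullmatch(token):
            findings.append((pos, "invalid chunk-size"))
            break
        if bare:
            findings.append((lf, "bare LF after chunk-size"))
        size, pos = int(token, 16), lf + 1
        if size == 0:
            break                                  # last chunk; trailers not audited
        pos += size                                # skip chunk-data
        if body[pos:pos + 2] == b"\r\n":
            pos += 2
        elif body[pos:pos + 1] == b"\n":
            findings.append((pos, "bare LF after chunk-data"))
            pos += 1
        else:
            findings.append((pos, "missing terminator after chunk-data"))
            break
    return findings

def audit_request(raw: bytes) -> list:
    """Audit one reassembled HTTP/1.1 request; non-chunked requests yield []."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    return audit_chunked_body(body) if sep and is_chunked(head) else []

# Constructed sample requests (not captured traffic).
HEAD = b"POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n"
COMPLIANT = HEAD + b"5\r\nhello\r\n0\r\n\r\n"
BARE_LF = HEAD + b"5\nhello\r\n0\r\n\r\n"
```

Any non-empty result from audit_request() marks a request whose chunk framing a strict RFC 9112 parser and a lenient one may interpret differently, which is the condition worth alerting on.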
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating libsoup to a version where this vulnerability is fixed, as the issue arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() function.
Since the vulnerability allows remote exploitation without authentication, it is important to apply patches or updates provided by your operating system or software vendor promptly.
If updating is not immediately possible, consider restricting access to services using libsoup, especially from untrusted networks, to reduce exposure.
Monitor network traffic for suspicious chunked HTTP requests and implement network-level filtering or intrusion detection rules to block malformed chunked requests.