PT-2026-25888 · Libsoup · Libsoup

Published: 2026-01-01 · Updated: 2026-03-17 · CVE-2026-3632

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libsoup (affected versions not specified)

Description

libsoup, a library used by applications to send network requests, does not properly validate hostnames, allowing special characters to be injected into HTTP headers. This can be exploited to perform HTTP smuggling, where malicious requests are sent alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is considered low, as SoupServer is not widely used in internet infrastructure. The issue involves a CRLF injection in the hostname, leading to request smuggling via URL.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
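
With no fixed version listed, one caller-side check is to reject any URL whose host carries CR, LF or other unexpected bytes before it reaches the HTTP client. The sketch below is an added example, not libsoup code or a vendor patch; `url_host_is_safe` and its allowlist are assumptions, percent-encoded bytes are judged after decoding, and internationalized names are expected in their ASCII form.

```c
#include <stddef.h>
#include <string.h>

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                   /* fold ASCII case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Assumed allowlist: letters, digits, "-._" and ":[]" (port, IPv6 literal). */
static int host_byte_ok(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z') || (c != 0 && strchr("-._:[]", c) != NULL);
}

/* Returns 1 if host[:port] of an absolute URL is allowlisted bytes only. */
int url_host_is_safe(const char *url)
{
    size_t n = strspn(url, "abcdefghijklmnopqrstuvwxyz"
                           "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-.");
    if (n == 0 || strncmp(url + n, "://", 3) != 0) return 0;
    const char *auth = url + n + 3;
    size_t alen = strcspn(auth, "/?#");          /* end of the authority */
    size_t start = 0;
    for (size_t i = 0; i < alen; i++)            /* skip optional userinfo@ */
        if (auth[i] == '@') start = i + 1;
    if (start == alen) return 0;                 /* empty host */
    for (size_t i = start; i < alen; i++) {
        unsigned char c = (unsigned char)auth[i];
        if (c == '%') {                          /* judge the decoded byte */
            if (i + 2 >= alen) return 0;
            int hi = hexval(auth[i + 1]), lo = hexval(auth[i + 2]);
            if (hi < 0 || lo < 0) return 0;
            c = (unsigned char)(hi * 16 + lo);
            i += 2;
        }
        if (!host_byte_ok(c)) return 0;          /* CR, LF, space, NUL, ... */
    }
    return 1;
}

int main(void)
{
    /* Constructed samples: a clean URL and one with an encoded CRLF in the host. */
    return !(url_host_is_safe("http://example.com/path") &&
             !url_host_is_safe("http://example.com%0d%0aX-Test:%201/"));
}
```
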

Weakness Enumeration

Related Identifiers

BDU:2026-04972
CVE-2026-3632
ECHO-CD7E-C6BA-0346

Affected Products

Libsoup