CVE-2026-3634

Name of the Vulnerable Software and Affected Versions libsoup (affected versions not specified)

Description A flaw exists in libsoup where an attacker controlling the Content-Type header value can inject a Carriage Return Line Feed (CRLF) sequence due to insufficient input sanitization within the soup message headers set content type() function. This allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks. A CRLF sequence enables the injection of additional headers or manipulation of the HTTP response.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.