CVE-2026-3633

Name of the Vulnerable Software and Affected Versions libsoup (affected versions not specified)

Description A flaw exists in libsoup where a remote attacker can inject arbitrary headers and additional request data by controlling the method parameter of the soup message new() function. This is a CRLF (Carriage Return Line Feed) injection issue, occurring because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection. The vulnerability allows attackers to manipulate HTTP requests by inserting malicious headers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.