PT-2026-4876 · Gnome+2 · Libsoup+2

Osidb Bzimport · Published 2025-12-04 · Updated 2026-05-15 · CVE-2026-1467

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

libsoup (affected versions not specified)

Description

A flaw exists in libsoup, an HTTP client library, related to CRLF (Carriage Return Line Feed) Injection. This issue occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. An attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services. CRLF sequences are characters used to denote the end of a line in the HTTP protocol. Improper handling of these sequences can allow an attacker to control the structure of HTTP requests.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
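
The following C code is an added example, not libsoup's code and not an upstream fix. It shows the check the Description points to: validate the host only after percent-decoding, and refuse it if the decoded bytes include CR, LF or any other control character before the value is written into a Host header. The function name `decode_host_for_header` and the sample hosts are assumptions constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit (including NUL). */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Hypothetical helper (not a libsoup function): percent-decode `host` into
 * `out` and refuse anything unsafe to place in a Host header.
 * Returns 0 on success, -1 if the host must be rejected. */
int decode_host_for_header(const char *host, char *out, size_t outlen)
{
    size_t n = 0;
    for (const char *p = host; *p; p++) {
        unsigned char ch = (unsigned char)*p;
        if (ch == '%') {
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0) return -1;              /* malformed or truncated escape */
            ch = (unsigned char)(hi * 16 + lo);
            p += 2;
        }
        /* Checked AFTER decoding, so %0d / %0a are caught as CR / LF.
         * NUL, other controls, space and DEL are refused as well. */
        if (ch <= 0x20 || ch == 0x7f) return -1;
        if (n + 1 >= outlen) return -1;         /* no room for byte plus NUL */
        out[n++] = (char)ch;
    }
    if (n == 0) return -1;                      /* empty host */
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample hosts; the second carries an encoded CRLF. */
    const char *samples[] = { "ex%61mple.test", "example.test%0d%0aX-Added:1" };
    char buf[64];
    for (size_t i = 0; i < 2; i++)
        printf("%-30s -> %s\n", samples[i],
               decode_host_for_header(samples[i], buf, sizeof buf) ? "rejected" : buf);
    return 0;
}
```

Checking the raw URL string instead of the decoded bytes would miss the encoded forms, which is the ordering problem the Description attributes to the Host header construction.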

Related Identifiers

AZL-76373
AZL-76398
BDU:2026-04951
CVE-2026-1467
OESA-2026-2337
OESA-2026-2338
OESA-2026-2339
OPENSUSE-SU-2026:10276-1
OPENSUSE-SU-2026:10291-1
OPENSUSE-SU-2026:20354-1
OPENSUSE-SU-2026:20384-1
SUSE-SU-2026:0788-1
SUSE-SU-2026:0792-1
SUSE-SU-2026:0796-1
SUSE-SU-2026:0811-1
SUSE-SU-2026:0833-1
SUSE-SU-2026:0834-1
SUSE-SU-2026:20649-1
SUSE-SU-2026:20727-1
SUSE-SU-2026:20752-1
SUSE-SU-2026:20902-1
USN-8020-1

Affected Products

Linuxmint
Ubuntu
Libsoup