PT-2026-5130 · Libsoup+2

Osidb Bzimport · Published 2025-12-03 · Updated 2026-05-15 · CVE-2026-1536

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

libsoup (affected versions not specified)

Description

A flaw exists in libsoup where an attacker controlling the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are interpreted when constructing HTTP requests or responses, potentially allowing arbitrary HTTP headers to be injected. This can lead to HTTP header injection or HTTP response splitting without authentication or user interaction. The vulnerable component is the handling of the Content-Disposition header.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
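
Because the entry lists no fixed version, one caller-side mitigation is to validate any externally supplied file name before it is placed in a Content-Disposition value. The following is an added example, not libsoup code or part of the advisory; `build_content_disposition` and `has_forbidden_header_bytes` are hypothetical helper names and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if value holds CR, LF or any other control byte, else 0. */
static int has_forbidden_header_bytes(const char *value)
{
    for (const unsigned char *p = (const unsigned char *)value; *p; p++)
        if (*p < 0x20 || *p == 0x7f)
            return 1;
    return 0;
}

/* Hypothetical helper, not a libsoup API. Writes
 *   attachment; filename="<name>"
 * into out. Hostile names are rejected rather than silently rewritten.
 * Returns 0 on success, -1 on rejection or if out is too small. */
static int build_content_disposition(const char *name, char *out, size_t outlen)
{
    static const char prefix[] = "attachment; filename=\"";
    size_t used = sizeof(prefix) - 1;

    if (!name || !out || has_forbidden_header_bytes(name))
        return -1;
    if (outlen < used + 2)   /* room for prefix, closing quote, NUL */
        return -1;
    memcpy(out, prefix, used);
    for (const char *p = name; *p; p++) {
        /* Escape quote and backslash so the name cannot end the
         * quoted-string and begin another parameter. */
        size_t need = (*p == '"' || *p == '\\') ? 2 : 1;
        if (used + need + 2 > outlen)
            return -1;
        if (need == 2)
            out[used++] = '\\';
        out[used++] = *p;
    }
    out[used++] = '"';
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char hdr[128];
    /* Constructed sample input: a file name carrying CRLF and a header. */
    int rc = build_content_disposition("x.txt\r\nX-Injected: 1", hdr, sizeof hdr);
    printf("%s\n", rc == 0 ? hdr : "rejected");
    return 0;
}
```

Only a value that passes this check should be handed to whatever call sets the header; rejecting rather than stripping keeps the failure visible in logs.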

Weakness Enumeration

Related Identifiers

AZL-76370
AZL-76395
BDU:2026-04952
CVE-2026-1536
OESA-2026-2337
OESA-2026-2338
OESA-2026-2339
OPENSUSE-SU-2026:10139-1
OPENSUSE-SU-2026:20186-1
SUSE-SU-2026:0431-1
SUSE-SU-2026:0579-1
SUSE-SU-2026:20238-1
SUSE-SU-2026:20339-1
SUSE-SU-2026:20445-1
SUSE-SU-2026:20649-1
USN-8020-1

Affected Products

Linuxmint
Ubuntu
Libsoup