PT-2026-5660 · Unknown · Soupserver

Michael Catanzaro · Published 2025-10-22 · Updated 2026-03-18 · CVE-2026-1760

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

SoupServer (affected versions not specified)

Description

A flaw exists in SoupServer related to improper handling of HTTP requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. This can lead to an HTTP request smuggling condition. An unauthenticated, remote client can exploit this by sending crafted requests, preventing SoupServer from properly closing connections as defined by RFC 9112. Successful exploitation allows an attacker to smuggle additional requests over the persistent connection, potentially resulting in unintended request processing and denial-of-service (DoS) conditions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

AZL-77618
AZL-77622
BDU:2026-04959
CVE-2026-1760
OESA-2026-1449
OPENSUSE-SU-2026:10276-1
OPENSUSE-SU-2026:10291-1
OPENSUSE-SU-2026:20354-1
OPENSUSE-SU-2026:20384-1
SUSE-SU-2026:0788-1
SUSE-SU-2026:0792-1
SUSE-SU-2026:0796-1
SUSE-SU-2026:0811-1
SUSE-SU-2026:0833-1
SUSE-SU-2026:0834-1
SUSE-SU-2026:20649-1
SUSE-SU-2026:20727-1
SUSE-SU-2026:20752-1
SUSE-SU-2026:20902-1

Affected Products

Soupserver