CVE-2026-1801

Name of the Vulnerable Software and Affected Versions libsoup (affected versions not specified)

Description An HTTP Request Smuggling issue exists in libsoup, an HTTP client/server library. The problem stems from non-RFC-compliant parsing within the soup filter input stream read line() function, specifically related to handling chunk headers. The library accepts improperly formatted chunk headers, such as those containing only a line feed (LF) character instead of the required carriage return and line feed (CRLF) sequence. An attacker can exploit this remotely without needing authentication or user interaction by sending crafted chunked requests. This allows the parsing and processing of multiple HTTP requests from a single network message, potentially resulting in information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.