CVE-2026-1760

EUVD-2026-5105

02.02.2026, 14:16

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.

HTTP Request/Response Smuggling

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Debian Releases

Debian Product

Codename

libsoup2.4

bookworm	no-dsa
bullseye	vulnerable
bullseye (security)	vulnerable
trixie	no-dsa

libsoup3

bookworm	no-dsa
forky	3.6.6-1 fixed
sid	3.6.6-1 fixed
trixie	no-dsa

openSUSE / SLES Releases

openSUSE Product

Release

libsoup-2_4-1

suse enterprise desktop 15 SP7	2.74.3-150600.4.30.1 fixed
suse enterprise sap 15 SP4	2.74.2-150400.3.31.1 fixed
suse enterprise sap 15 SP5	2.74.2-150400.3.31.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.30.1 fixed
suse enterprise server 12 SP3	2.62.2-5.37.1 fixed
suse enterprise server 12 SP5	2.62.2-5.37.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.31.1 fixed
suse enterprise server 15 SP5	2.74.2-150400.3.31.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.30.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.30.1 fixed

libsoup-2_4-1-32bit

suse enterprise server 12 SP3	2.62.2-5.37.1 fixed
suse enterprise server 12 SP5	2.62.2-5.37.1 fixed

libsoup-3_0-0

suse enterprise desktop 15 SP7	3.4.4-150600.3.37.1 fixed
suse enterprise sap 15 SP4	3.0.4-150400.3.37.1 fixed
suse enterprise sap 15 SP5	3.0.4-150400.3.37.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.37.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.37.1 fixed
suse enterprise server 15 SP5	3.0.4-150400.3.37.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.37.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.37.1 fixed

libsoup-devel

suse enterprise desktop 15 SP7	3.4.4-150600.3.37.1 fixed
suse enterprise sap 15 SP4	3.0.4-150400.3.37.1 fixed
suse enterprise sap 15 SP5	3.0.4-150400.3.37.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.37.1 fixed
suse enterprise server 12 SP3	2.62.2-5.37.1 fixed
suse enterprise server 12 SP5	2.62.2-5.37.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.37.1 fixed
suse enterprise server 15 SP5	3.0.4-150400.3.37.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.37.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.37.1 fixed

libsoup-lang

suse enterprise desktop 15 SP7	3.4.4-150600.3.37.1 fixed
suse enterprise sap 15 SP4	3.0.4-150400.3.37.1 fixed
suse enterprise sap 15 SP5	3.0.4-150400.3.37.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.37.1 fixed
suse enterprise server 12 SP3	2.62.2-5.37.1 fixed
suse enterprise server 12 SP5	2.62.2-5.37.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.37.1 fixed
suse enterprise server 15 SP5	3.0.4-150400.3.37.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.37.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.37.1 fixed

libsoup2-devel

suse enterprise desktop 15 SP7	2.74.3-150600.4.30.1 fixed
suse enterprise sap 15 SP4	2.74.2-150400.3.31.1 fixed
suse enterprise sap 15 SP5	2.74.2-150400.3.31.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.30.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.31.1 fixed
suse enterprise server 15 SP5	2.74.2-150400.3.31.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.30.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.30.1 fixed

libsoup2-lang

suse enterprise desktop 15 SP7	2.74.3-150600.4.30.1 fixed
suse enterprise sap 15 SP4	2.74.2-150400.3.31.1 fixed
suse enterprise sap 15 SP5	2.74.2-150400.3.31.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.30.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.31.1 fixed
suse enterprise server 15 SP5	2.74.2-150400.3.31.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.30.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.30.1 fixed

typelib-1_0-Soup-2_4

suse enterprise desktop 15 SP7	2.74.3-150600.4.30.1 fixed
suse enterprise sap 15 SP4	2.74.2-150400.3.31.1 fixed
suse enterprise sap 15 SP5	2.74.2-150400.3.31.1 fixed
suse enterprise sap 15 SP7	2.74.3-150600.4.30.1 fixed
suse enterprise server 12 SP3	2.62.2-5.37.1 fixed
suse enterprise server 12 SP5	2.62.2-5.37.1 fixed
suse enterprise server 15 SP4	2.74.2-150400.3.31.1 fixed
suse enterprise server 15 SP5	2.74.2-150400.3.31.1 fixed
suse enterprise server 15 SP6	2.74.3-150600.4.30.1 fixed
suse enterprise server 15 SP7	2.74.3-150600.4.30.1 fixed

typelib-1_0-Soup-3_0

suse enterprise desktop 15 SP7	3.4.4-150600.3.37.1 fixed
suse enterprise sap 15 SP4	3.0.4-150400.3.37.1 fixed
suse enterprise sap 15 SP5	3.0.4-150400.3.37.1 fixed
suse enterprise sap 15 SP7	3.4.4-150600.3.37.1 fixed
suse enterprise server 15 SP4	3.0.4-150400.3.37.1 fixed
suse enterprise server 15 SP5	3.0.4-150400.3.37.1 fixed
suse enterprise server 15 SP6	3.4.4-150600.3.37.1 fixed
suse enterprise server 15 SP7	3.4.4-150600.3.37.1 fixed

Common Weakness Enumeration

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References

https://access.redhat.com/security/cve/CVE-2026-1760

https://bugzilla.redhat.com/show_bug.cgi?id=2435951

https://gitlab.gnome.org/GNOME/libsoup/-/issues/475