CVE-2026-3634

EUVD-2026-12561
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.
CRLF Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.9 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
gnomelibsoup
-
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libsoup2.4
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
trixie
no-dsa
libsoup3
bookworm
no-dsa
forky
vulnerable
sid
vulnerable
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsoup2.4
bionic
deferred
focal
deferred
jammy
deferred
noble
deferred
questing
deferred
resolute
deferred
xenial
deferred
libsoup3
jammy
deferred
noble
deferred
questing
deferred
resolute
deferred
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2026-3634
https://bugzilla.redhat.com/show_bug.cgi?id=2445129
https://gitlab.gnome.org/GNOME/libsoup/-/issues/485
https://gitlab.gnome.org/GNOME/libsoup/-/issues/485