CVE-2026-3634

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.
CRLF Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.9 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
libsoup2.4
bookworm
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
trixie
vulnerable
libsoup3
bookworm
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsoup2.4
bionic
deferred
focal
deferred
jammy
deferred
noble
deferred
questing
deferred
xenial
deferred
libsoup3
jammy
deferred
noble
deferred
questing
deferred
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2026-3634
https://bugzilla.redhat.com/show_bug.cgi?id=2445129
https://gitlab.gnome.org/GNOME/libsoup/-/issues/485