VDB
CVE-2026-1467
CVE-2026-1467
PUBLISHED
CVSS 5.800000190734863 MEDIUM
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.
EPSS 0.07% · 22.4th percentile
Risk Scores
CVSS v3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.07%
22.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| gnome | libsoup | |
| redhat | enterprise_linux | 8.0, 10.0, 9.0 |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 6 |
Timeline
- Jan 27, 2026 EPSS Score
- Jan 27, 2026 CVE Published
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 3, 2026 EPSS Score
- Feb 6, 2026 EPSS Score
- Feb 8, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
- Feb 13, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 21, 2026 EPSS Score