VDB
CVE-2026-1801
CVE-2026-1801
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.
EPSS 0.03% · 8.9th percentile
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.03%
8.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| gnome | libsoup | |
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| redhat | enterprise_linux | 7.0, 8.0, 10.0 |
Timeline
- Feb 3, 2026 CVE Published
- Feb 4, 2026 EPSS Score
- Feb 6, 2026 EPSS Score
- Feb 8, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
- Feb 13, 2026 EPSS Score
- Feb 15, 2026 EPSS Score
- Feb 17, 2026 EPSS Score
- Feb 19, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
- Feb 24, 2026 EPSS Score
- Feb 26, 2026 EPSS Score