VDB

TNCVE-2026-2708

TNCVE-2026-2708 PUBLISHED

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.

Timeline

  • Apr 23, 2026 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›