2436315 – (CVE-2026-1801) CVE-2026-1801 libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers

Bug 2436315 (CVE-2026-1801) - CVE-2026-1801 libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers

Summary: CVE-2026-1801 libsoup: libsoup: HTTP Request Smuggling via malformed chunk he...

Keywords:
Status:	NEW
Alias:	CVE-2026-1801
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2436316 2436318 2436317
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-03 12:46 UTC by OSIDB Bzimport
Modified:	2026-02-03 13:03 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-03 12:46:34 UTC

HTTP Request Smuggling vulnerability in the chunked transfer encoding parser of the libsoup HTTP library. The flaw is caused by non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts lone LF (\n) characters and other malformed chunk headers instead of enforcing CRLF (\r\n) as required by RFC 9112. When a malicious HTTP client sends specially crafted chunked requests, libsoup may parse and process multiple HTTP requests from a single network message. Although exploitation is possible remotely without authentication or user interaction, the impact is limited because SoupServer is not commonly used in internet-facing infrastructure.

Note You need to log in before you can comment on or make changes to this bug.