2436317 – CVE-2026-1801 libsoup3: libsoup: HTTP Request Smuggling via malformed chunk headers [fedora-all]

Bug 2436317 - CVE-2026-1801 libsoup3: libsoup: HTTP Request Smuggling via malformed chunk headers [fedora-all]

Summary: CVE-2026-1801 libsoup3: libsoup: HTTP Request Smuggling via malformed chunk h...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libsoup3
Sub Component:
Version:	43
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Gwyn Ciesla
QA Contact:
Docs Contact:
URL:
Whiteboard:	{"flaws": ["5daba5ec-1754-41e1-a7f4-9...
Depends On:
Blocks:	CVE-2026-1801
TreeView+	depends on / blocked

Reported:	2026-02-03 12:49 UTC by Abhishek Raj
Modified:	2026-03-19 13:35 UTC (History)
CC List:	3 users (show)
Fixed In Version:	libsoup3-3.6.6-1.fc43
Clone Of:
Environment:
Last Closed:	2026-03-19 13:35:11 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
GNOME Gitlab	GNOME libsoup issues 481	0	None	closed	(CVE-2026-1801) (#YWH-PGM9867-148) HTTP Request Smuggling in soup_filter_input_stream_read_line()	2026-03-19 13:35:11 UTC

Description Abhishek Raj 2026-02-03 12:49:36 UTC

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Milan Crha 2026-03-19 13:35:11 UTC

It seems this is split into multiple fixes. One landed for 3.6.6 at least according to https://gitlab.gnome.org/GNOME/libsoup/-/issues/481

That issue mentions also one more commit, but I guess it's referenced only because it's (partly) related to the problem described in the 481.

Note You need to log in before you can comment on or make changes to this bug.