Bug 2458479 (CVE-2026-6324) - CVE-2026-6324 libsoup: libsoup: HTTP Request Smuggling via Unsigned to Signed Conversion Error
Summary: CVE-2026-6324 libsoup: libsoup: HTTP Request Smuggling via Unsigned to Signed...
Keywords:
Status: NEW
Alias: CVE-2026-6324
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-14 21:06 UTC by OSIDB Bzimport
Modified: 2026-05-29 05:19 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-14 21:06:16 UTC 
HTTP Request Smuggling on libsoup through 
libsoup/http1/soup-body-input-stream.c:soup_body_input_stream_read_chunked() 
via Unsigned to Signed Conversion Error in chunk size

Requirements to exploit: spend malicious HTTP request to libsoup 
backend server operating behind non-libsoup proxy server, or to libsoup 
proxy server operating in front of non-libsoup backend server
Note You need to log in before you can comment on or make changes to this bug.