Bug 2433174 (CVE-2026-1467) - CVE-2026-1467 libsoup: libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured
Keywords:
Status: NEW
Alias: CVE-2026-1467
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2433176 2433177 2433178 2433179 2433180 2433181
Blocks:
Reported: 2026-01-27 08:13 UTC by OSIDB Bzimport
Modified: 2026-01-27 08:29 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-01-27 08:13:34 UTC
CRLF Injection vulnerability in the libsoup HTTP client library when an HTTP proxy is configured. The issue is caused by improper sanitization of URL-decoded input used to populate the Host header during request creation in the SoupSession workflow. By supplying a specially crafted URL containing CRLF sequences, an attacker can inject additional HTTP headers or complete HTTP request bodies. Exploitation requires a victim application to process an attacker-controlled URL while using an HTTP proxy. Successful exploitation may allow unintended or unauthorized HTTP requests to be forwarded by the proxy, potentially impacting downstream services, but does not directly compromise the client system.
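
As an added example (not libsoup code and not the upstream fix), an application that accepts untrusted URLs could apply a pre-flight check like the one below before handing the URL to its HTTP client: it percent-decodes the authority component and rejects it if the decoded bytes could end a Host header line. The function name `url_host_is_header_safe` and the sample URLs are hypothetical, and the scheme detection is deliberately simple.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (char)tolower((unsigned char)c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper, not a libsoup API. Returns true only if the authority
 * (userinfo, host, port) of an absolute URL, once percent-decoded, contains
 * no control characters or spaces. Malformed escapes are rejected too. */
bool url_host_is_header_safe(const char *url)
{
    const char *p = strstr(url, "://");
    if (p == NULL) return false;            /* require scheme://authority */
    p += 3;
    size_t len = strcspn(p, "/?#");         /* authority ends at path, query or fragment */
    if (len == 0) return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)p[i];
        if (c == '%') {
            if (i + 2 >= len) return false; /* truncated escape */
            int hi = hex_val(p[i + 1]), lo = hex_val(p[i + 2]);
            if (hi < 0 || lo < 0) return false;
            c = (unsigned char)(hi * 16 + lo);
            i += 2;
        }
        if (c <= 0x20 || c == 0x7f) return false; /* CR, LF, NUL, space, DEL, ... */
    }
    return true;
}

int main(void)
{
    /* Constructed sample inputs: one ordinary URL, one with encoded CRLF in the host. */
    const char *samples[] = { "http://example.com/index.html",
                              "http://example.com%0d%0aX-Test:%201/" };
    for (size_t i = 0; i < 2; i++)
        printf("%s -> %s\n", samples[i],
               url_host_is_header_safe(samples[i]) ? "ok" : "rejected");
    return 0;
}
```

The check covers only the authority, which is the part the description says reaches the Host header; it does not replace updating libsoup once a fixed version is available.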

