CVE-2026-1467
Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured
CVSS Score
5.8
EPSS Score
0.1%
EPSS Percentile
22th
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.
| CWE | CWE-93 |
| Vendor | red hat |
| Product | red hat enterprise linux 10 |
| Published | Jan 27, 2026 |
| Last Updated | Mar 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 10
Be the first to know when new medium vulnerabilities affecting red hat red hat enterprise linux 10 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected References
Credits
Red Hat would like to thank Codean Labs for reporting this issue.