exploitDog

CVE-2026-2708

Published: 18 Feb 2026
Source: redhat
CVSS3: 3.7 (Low)

Description

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.
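The check described above is the one a defender wants at the point where framing headers are read. The following is an added example, not code from libsoup or from Red Hat: a small Python validator that parses a raw HTTP/1 request head while keeping repeated fields, and then applies the RFC 9112 body-length rules so that disagreeing Content-Length values (CL.CL) or Transfer-Encoding next to Content-Length (TE+CL) are rejected instead of silently merged. All sample request heads are constructed, and the function and type names are this example's own.

```python
"""Framing-header validation for an HTTP/1 server or proxy (added example).

Implements the check the advisory says libsoup's header append path lacks:
repeated Content-Length fields that disagree (CL.CL), or Transfer-Encoding
alongside Content-Length (TE+CL), are framing conflicts and RFC 9112 Section 6.3
requires the message to be rejected rather than guessed at.
All sample requests below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

_DIGITS = re.compile(r"^[0-9]+$")  # ASCII digits only; str.isdigit() also accepts superscripts


@dataclass
class FramingDecision:
    ok: bool
    reason: str
    content_length: Optional[int] = None
    chunked: bool = False


def parse_header_block(raw: bytes) -> List[Tuple[str, str]]:
    """Split a raw request head into (name, value) pairs.

    Duplicates and order are preserved deliberately: merging or overwriting
    repeated fields here is exactly what hides a conflict from later checks.
    """
    lines = raw.decode("iso-8859-1").split("\r\n")
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:          # lines[0] is the request line
        if line == "":
            break                   # end of the header block
        if line[0] in " \t":
            # Obsolete line folding is another source of parser disagreement;
            # RFC 9112 Section 5.2 lets a server reject it outright.
            raise ValueError("obs-fold not accepted")
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.rstrip():
            # No colon, empty name, or whitespace before the colon (RFC 9112 Section 5.1)
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.lower(), value.strip()))
    return headers


def decide_framing(headers: List[Tuple[str, str]]) -> FramingDecision:
    """Apply the RFC 9112 Section 6.3 body-length rules and refuse ambiguity."""
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]

    if te and cl:
        return FramingDecision(False, "Transfer-Encoding and Content-Length both present (TE+CL)")

    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",") if c.strip()]
        if not codings or codings[-1] != "chunked":
            return FramingDecision(False, "Transfer-Encoding does not end in chunked")
        return FramingDecision(True, "chunked body", chunked=True)

    if cl:
        # A repeated field and a comma-separated list are the same thing to the
        # framing rules, so flatten both before comparing.
        values = [v.strip() for field in cl for v in field.split(",")]
        if any(not _DIGITS.match(v) for v in values):
            return FramingDecision(False, "Content-Length is not a non-negative integer")
        if len(set(values)) > 1:
            return FramingDecision(False, "conflicting Content-Length values (CL.CL)")
        # Identical repeats may be collapsed to one value (RFC 9110 Section 8.6);
        # a stricter deployment can reject them too.
        return FramingDecision(True, "fixed-length body", content_length=int(values[0]))

    return FramingDecision(True, "no body", content_length=0)


def check_request_head(raw: bytes) -> FramingDecision:
    """Convenience wrapper: parse errors are reported as rejections, not exceptions."""
    try:
        return decide_framing(parse_header_block(raw))
    except ValueError as exc:
        return FramingDecision(False, str(exc))


# Constructed sample request heads (no bodies; only the framing headers matter here).
SAMPLE_OK = b"POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 6\r\n\r\n"
SAMPLE_DUP_SAME = b"POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 6\r\nContent-Length: 6\r\n\r\n"
SAMPLE_CL_CL = b"POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 6\r\nContent-Length: 10\r\n\r\n"
SAMPLE_TE_CL = b"POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\nContent-Length: 6\r\n\r\n"
SAMPLE_CHUNKED = b"POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n"

if __name__ == "__main__":
    for label, head in [("ok", SAMPLE_OK), ("dup-same", SAMPLE_DUP_SAME),
                        ("CL.CL", SAMPLE_CL_CL), ("TE+CL", SAMPLE_TE_CL),
                        ("chunked", SAMPLE_CHUNKED)]:
        d = check_request_head(head)
        print(f"{label:9s} ok={d.ok} reason={d.reason}")
```

The design point is the first function: it returns every field it saw, including repeats, so the framing decision is made on the full picture. A parser that appends each value into a single slot, or keeps only the first or last, has already lost the information needed to notice that two peers could read the body boundary differently.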

Statement

The practical impact is limited because SoupServer is a testing and development utility, not designed for production internet infrastructure. Exploitation requires a deployment topology where SoupServer is serving real traffic behind (or in front of) another HTTP server acting as a proxy — a scenario that contradicts its intended use.

Affected packages

Platform                     Package   State                Recommendation   Release
Red Hat Enterprise Linux 10  libsoup3  Under investigation
Red Hat Enterprise Linux 6   libsoup   Fix deferred
Red Hat Enterprise Linux 7   libsoup   Fix deferred
Red Hat Enterprise Linux 8   libsoup   Under investigation
Red Hat Enterprise Linux 9   libsoup   Under investigation

Additional information

Status: Low
Weakness: CWE-444
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2440743
Title: libsoup: libsoup: HTTP Request Smuggling via Duplicate Content-Length Headers

Related vulnerabilities

ubuntu, about 1 month ago: [libsoup: HTTP/1 request smuggling primitives accepted (CL.CL and TE+CL) in soup_headers_parse()]

debian: [libsoup: HTTP/1 request smuggling primitives accepted (CL.CL and TE+CL) in soup_headers_parse()]

suse-cvrf, 29 days ago: Security update for libsoup

suse-cvrf, 29 days ago: Security update for libsoup

suse-cvrf, 30 days ago: Security update for libsoup2
