CVEFinder.io

CVE-2026-3632

ℹī¸ low
🔍 Scan for this CVE
Summary

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unautho

Description

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.

CVSS Score
3.9
Low
EPSS Score
0.1
Exploit Probability
Published Date
2026-03-17
First Seen: 2026-03-18
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 4.3% of all 318,332 vulnerabilities in our database.

#304,519
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Mar 17, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
🏆 Discovered By
Red Hat would like to thank Codean Labs for reporting this issue.
SSVC data provided by CISA
Last Modified 2026-03-19
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
CWE IDs (Weakness Types)
CWE-1286

đŸ“Ļ Affected Products 6

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v6.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
gnome libsoup Affected
v-

🔗 References 3

https://access.redhat.com/security/cve/CVE-2026-3632
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2445127
Issue Tracking Vendor Advisory
https://gitlab.gnome.org/GNOME/libsoup/-/issues/483
Exploit Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-4647 đŸ”ļ medium 6.1 0.0 A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files... 2026-03-23
CVE-2026-3633 ℹī¸ low 3.9 0.0 A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function... 2026-03-17
CVE-2026-3634 ℹī¸ low 3.9 0.0 A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage... 2026-03-17
CVE-2026-4271 đŸ”ļ medium 5.3 1.0 A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs... 2026-03-17
CVE-2026-3441 đŸ”ļ medium 6.1 0.0 A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t... 2026-03-16
CVE-2026-3442 đŸ”ļ medium 6.1 0.0 A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, ... 2026-03-16
These CVEs affect the same products