CVE-2026-1801 โ€” HTTP Request Smuggling in Redhat Enterprise Linux

CWE-444 โ€” HTTP Request Smuggling7 documents7 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.0%
top 91.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Linux
Timeline
PublishedFeb 3

Description

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and proโ€ฆ

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages0 packages

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0

๐Ÿ”ดVulnerability Details

3
GHSA
GHSA-xv49-34rf-rqv4: A flaw was found in libsoup, an HTTP client/server libraryโ†—2026-02-03
โ–ถ
CVEList
Libsoup: libsoup: http request smuggling via malformed chunk headersโ†—2026-02-03
โ–ถ
OSV
CVE-2026-1801: A flaw was found in libsoup, an HTTP client/server libraryโ†—2026-02-03
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Red Hat
libsoup: libsoup: HTTP Request Smuggling via malformed chunk headersโ†—2026-02-03
โ–ถ
Debian
CVE-2026-1801: libsoup2.4 - A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Sm...โ†—2026
โ–ถ

๐Ÿ•ต๏ธThreat Intelligence

1
Wiz
CVE-2026-1801 Impact, Exploitability, and Mitigation Steps | Wizโ†—
โ–ถ
CVE-2026-1801 โ€” HTTP Request Smuggling in Redhat | cvebase