CVE-2026-3632

CWE-1286 | 8 documents | 8 sources
Severity
5.5 MEDIUM
EPSS
0.1%
top 73.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 17

Description

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unautho

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Exploitability: 0.5 | Impact: 3.4

Affected Packages: 0 packages

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0

🔴 Vulnerability Details

3
GHSA
GHSA-v5mp-vx4p-jwp6: A flaw was found in libsoup, a library used by applications to send network requests 2026-03-17
CVEList
Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames 2026-03-17
OSV
CVE-2026-3632: A flaw was found in libsoup, a library used by applications to send network requests 2026-03-17

📋 Vendor Advisories

3
Microsoft
Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames 2026-03-10
Red Hat
libsoup: libsoup: HTTP Smuggling and Server-Side Request Forgery via Malformed Hostnames 2026-03-06
Debian
CVE-2026-3632: libsoup2.4 - A flaw was found in libsoup, a library used by applications to send network requ... 2026

🕵️ Threat Intelligence

1
Wiz
CVE-2026-3632 Impact, Exploitability, and Mitigation Steps | Wiz