Description

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.

INFO

Published Date :

2026-01-27T09:17:44.535Z

Last Modified :

2026-03-25T14:34:12.270Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-1467 vulnerability.

Vendors Products
Gnome
  • Libsoup
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1467.

URL Resource
https://access.redhat.com/security/cve/CVE-2026-1467 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2433174 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/libsoup/-/issues/488 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-1467 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-1467 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact