CVE-2026-3632 in libsoupinfo

Zusammenfassung

von MITRE • 17.03.2026

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

17.03.2026

Moderieren

akzeptiert

Eintrag

VDB-349433

CPE

bereit

CWE

CWE-918 (bestätigt)

CVSS

5.5 (NVD)

EPSS

0.00129

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-3632
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-3632
CVE Details	https://www.cvedetails.com/cve/CVE-2026-3632/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!