CVE-2026-3634
Publication date 17 March 2026
Last updated 25 March 2026
Ubuntu priority
Description
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libsoup2.4 | 25.10 questing |
Vulnerable, fix deferred
|
| 24.04 LTS noble |
Vulnerable, fix deferred
|
|
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
|
| 20.04 LTS focal |
Vulnerable, fix deferred
|
|
| 18.04 LTS bionic |
Vulnerable, fix deferred
|
|
| 16.04 LTS xenial |
Vulnerable, fix deferred
|
|
| libsoup3 | 25.10 questing |
Vulnerable, fix deferred
|
| 24.04 LTS noble |
Vulnerable, fix deferred
|
|
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.9 · Low
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | High |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L |