Is Redhat affected by CVE-2026-1467?

Organizations using A flaw should be aware of moderate risk from CVE-2026-1467 rated CVSS 5.8. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2026-1467

MEDIUM

2026-01-27 [email protected]

5.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Patch Released

Apr 09, 2026 - 14:30 nvd

Patch available

PoC Detected

Mar 25, 2026 - 14:20 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Jan 27, 2026 - 10:15 nvd

MEDIUM 5.8

Description

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.

Analysis

libsoup's improper handling of URL-decoded input in HTTP proxy configurations allows remote attackers to inject CRLF sequences into the Host header, enabling injection of arbitrary HTTP headers or request bodies. Public exploit code exists for this vulnerability, which could allow attackers to manipulate downstream services through compromised proxy requests. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +29

POC: +20

Vendor Status

CVE-2026-1467 vulnerability details – vuln.today

Back

CVE-2026-1467

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

CVE-2026-1467

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code