EUVD-2026-12561CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Tags
Description
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.
Analysis
A security vulnerability in A flaw (CVSS 3.9). Remediation should follow standard vulnerability management procedures.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| upstream | needs-triage | - |
| bionic | deferred | 2026-03-11 |
| focal | deferred | 2026-03-11 |
| jammy | deferred | 2026-03-11 |
| noble | deferred | 2026-03-11 |
| questing | deferred | 2026-03-11 |
| xenial | deferred | 2026-03-11 |
| Release | Status | Version |
|---|---|---|
| upstream | needs-triage | - |
| jammy | deferred | 2026-03-11 |
| noble | deferred | 2026-03-11 |
| questing | deferred | 2026-03-11 |
Debian
Bug #1130501| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 2.72.0-2 | - |
| bullseye (security) | vulnerable | 2.72.0-2+deb11u3 | - |
| bookworm | vulnerable | 2.74.3-1+deb12u1 | - |
| trixie | vulnerable | 2.74.3-10.1 | - |
| (unstable) | fixed | (unfixed) | - |
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm | vulnerable | 3.2.3-0+deb12u2 | - |
| trixie | vulnerable | 3.6.5-3 | - |
| forky, sid | vulnerable | 3.6.6-1 | - |
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today