CRLF Injection Vulnerability in libsoup HTTP Client Library
CVE-2026-1467
6.1 MEDIUM
What is CVE-2026-1467?
The libsoup HTTP client library contains a flaw that a remote attacker can exploit through CRLF injection. When an HTTP proxy is configured, libsoup improperly handles URL-decoded input related to the Host header. By sending crafted URLs that contain CRLF sequences, an attacker can manipulate HTTP headers or create entire HTTP request bodies. As a result, the proxy can transmit unauthorized HTTP requests, adversely affecting downstream services.

CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Codean Labs for reporting this issue.