Request Smuggling Vulnerability in libsoup HTTP/1 Header Parsing by GNOME
CVE-2026-2708

3.7 LOW

What is CVE-2026-2708?

A request smuggling vulnerability has been identified in the HTTP/1 header parsing logic of libsoup. The issue is in the soup_message_headers_append_common() function, which appends each header value without checking for duplicate or conflicting Content-Length fields. An attacker can therefore send an HTTP request carrying multiple Content-Length headers with differing values, which can change how a server determines where the request ends and how it processes it. Web applications that use the affected version of libsoup are exposed to this request smuggling issue.
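The check whose absence is described above can be sketched as follows. This is an added example, not libsoup code and not the project's fix; the function names, return codes and sample headers are constructed for illustration. It takes the strict option of rejecting any message whose Content-Length values are malformed or disagree.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define CL_ABSENT (-2LL) /* no Content-Length field in the header block */
#define CL_REJECT (-1LL) /* malformed or conflicting values: refuse the message */

/* Parse one field value: decimal digits only, surrounding spaces/tabs allowed.
 * Signs, commas and anything else are rejected; 18 digits cannot overflow. */
static long long parse_cl_value(const char *s, size_t n) {
    while (n && (*s == ' ' || *s == '\t')) { s++; n--; }
    while (n && (s[n - 1] == ' ' || s[n - 1] == '\t')) n--;
    if (n == 0 || n > 18) return CL_REJECT;
    long long v = 0;
    for (size_t i = 0; i < n; i++) {
        if (!isdigit((unsigned char)s[i])) return CL_REJECT;
        v = v * 10 + (s[i] - '0');
    }
    return v;
}

/* Scan a CRLF-separated header block (hypothetical helper). Returns the one
 * agreed length, CL_ABSENT if none is present, or CL_REJECT on any conflict. */
long long effective_content_length(const char *hdrs) {
    long long seen = CL_ABSENT;
    const char *line = hdrs;
    while (*line) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0) break; /* blank line: end of headers, body follows */
        if (len >= 15 && strncasecmp(line, "Content-Length:", 15) == 0) {
            long long v = parse_cl_value(line + 15, len - 15);
            if (v == CL_REJECT || (seen != CL_ABSENT && seen != v))
                return CL_REJECT;
            seen = v;
        }
        line = eol ? eol + 2 : line + len;
    }
    return seen;
}

int main(void) {
    /* Constructed sample: two Content-Length fields that disagree. */
    const char *req = "Host: example.test\r\nContent-Length: 5\r\n"
                      "content-length: 50\r\n\r\n";
    printf("result: %lld\n", effective_content_length(req));
    return 0;
}
```

A caller would answer CL_REJECT with a 400 response and close the connection rather than pick one of the values.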

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Cavid for reporting this issue.