Unsigned to Signed Conversion Error in Libsoup Affects Multiple Proxy Implementations
CVE-2026-6324

4.8 MEDIUM

What is CVE-2026-6324?

A vulnerability exists in libsoup that arises from an unsigned-to-signed conversion error in the soup_body_input_stream_read_chunked() function. This issue is particularly concerning when libsoup is deployed behind a non-libsoup proxy server, or as a proxy in front of a non-libsoup backend server. Attackers can exploit this flaw by sending crafted HTTP requests, potentially allowing them to bypass security mechanisms, poison web caches, or gain unauthorized access to sensitive information.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
