You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 3633
About this tag
CVE-2026-3633 is a CRLF injection vulnerability in libsoup, a GNOME HTTP library. The flaw allows a remote attacker who controls the method parameter passed to soup_message_new() to inject arbitrary headers and request data, enabling HTTP request smuggling. Tracked as CWE-93, the issue was disclosed by Red Hat and affects downstream packages. This tag covers discussions about the vulnerability's impact, mitigation, and related security updates for Linux distributions using libsoup.
CVE-2026-3633 is a reminder that the most dangerous bugs are not always memory corruptions or flashy remote code execution chains; sometimes they are one malformed string away from letting an attacker reshape an HTTP request. In libsoup, a remote attacker who controls the method parameter passed...