libsoup CRLF Injection Vulnerability Allowing HTTP Header Injection

Vulnerability

A CRLF injection vulnerability has been identified in libsoup, an HTTP client library, when an HTTP proxy is configured. The issue arises from improper handling of URL-decoded input used to create the Host header, which allows remote attackers to inject additional HTTP headers or complete request bodies. Exploitation can lead to unauthorized HTTP requests being forwarded by the proxy, potentially affecting downstream services.

Impact

Exploitation of this vulnerability can cause HTTP header injection, allowing attackers to manipulate HTTP requests forwarded by the proxy, which could disrupt or interfere with downstream services.

Remediation

To mitigate this vulnerability, avoid processing untrusted URLs in applications that use libsoup with an HTTP proxy enabled. Additionally, restricting network access to the HTTP proxy can help limit exposure.
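
One way to apply the first mitigation, shown as an added example (not code from libsoup or from this advisory): a pre-flight check that percent-decodes the authority part of a URL and rejects it if the decoded bytes contain control characters or spaces, run before the URL is handed to the HTTP client. The function name `url_authority_is_safe` and the sample URLs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (!isxdigit(c))
        return -1;
    return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
}

/* Returns 1 if the authority (userinfo, host, port) of url contains no
 * control character or space once percent-decoded, 0 otherwise. */
int url_authority_is_safe(const char *url)
{
    const char *p = strstr(url, "://");
    if (p == NULL)
        return 0;                       /* no scheme separator: reject */
    p += 3;
    size_t len = strcspn(p, "/?#");     /* authority ends at path, query or fragment */
    if (len == 0)
        return 0;
    for (size_t i = 0; i < len; i++) {
        int c = (unsigned char)p[i];
        if (c == '%') {
            /* NUL and "/?#" are not hex digits, so a truncated escape is rejected */
            int hi = hexval((unsigned char)p[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[i + 2]);
            if (lo < 0)
                return 0;               /* malformed escape */
            c = hi * 16 + lo;
            i += 2;
        }
        if (c <= 0x20 || c == 0x7f)
            return 0;                   /* CR, LF, NUL, space, other controls */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample URLs (assumptions, not taken from the advisory). */
    const char *samples[] = { "http://example.test:8080/a%20b",
                              "http://example.test%0d%0aX-Added:%20v/" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s: %s\n", samples[i], url_authority_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check covers only the authority component, which is the part of the URL the Host header is derived from.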

Added: Jan 27, 2026, 10:25 AM
Updated: Jan 27, 2026, 3:15 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 0.4
exploitability: 5.8
remediation: 7.9
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.