CVE-2026-1760

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L                                    

Vulnerability Description

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.

Vulnerability Details

Published Date

February 02, 2026

Last Modified

February 03, 2026

CWE ID

CWE-444

Source

NVD

External References

https://access.redhat.com/security/cve/CVE-2026-1760
https://bugzilla.redhat.com/show_bug.cgi?id=2435951

CVE-2026-1760

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment