Back to CVE List

CVE-2026-2708

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.7 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Description

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-444
Source
NVD

External References

Discussion (0)

Add Comment

No comments yet. Be the first!