216.73.216.128

CVE-2026-1760

· Published 02/02/2026 14:16 · Modified 03/02/2026 16:44

Labels: CVE-2026-1760 2026-02-02CVE-2026-1760CWE-444[email protected]

Essential information

Published
02/02/2026 14:16
Modified
03/02/2026 16:44
Author
Creator
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS metrics

Description

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
redhat / soupserver cpe:2.3:a:redhat:soupserver:*:*:*:*:*:*:*:*

References