Security Advisory

CVE-2026-2708

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-23 21:51:23

Last updated 2026-04-24 14:55:14

Assigner redhat

State PUBLISHED

Description

A request smuggling vulnerability exists in libsoups HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.

← Browse all CVEs View on cve.org ↗