CVE-2026-6324 PUBLISHED

Libsoup: libsoup: http request smuggling via unsigned to signed conversion error

Assigner: redhat
Reserved: 14.04.2026 Published: 29.05.2026 Updated: 29.05.2026

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soup_body_input_stream_read_chunked() function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a non-libsoup backend server. Successful exploitation can allow an attacker to bypass security controls, poison web caches, or gain unauthorized access.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS Score: 4.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: unknown

Vendor	Red Hat
Product	Red Hat Enterprise Linux 6
Versions	Default: unknown

Vendor	Red Hat
Product	Red Hat Enterprise Linux 7
Versions	Default: unknown

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: unknown

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: unknown

References

Problem Types

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') CWE