CVE-2026-1760

MEDIUM

SoupServer - HTTP Request Smuggling

Title source: llm
STIX 2.1

Description

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.

References (3)

Core 3
Core References
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-1760
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2435951

Scores

CVSS v3 5.3
EPSS 0.0042
EPSS Percentile 34.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-444
Status published
Products (5)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Published Feb 02, 2026
Tracked Since Feb 18, 2026