CVE-2026-3632
LOW 3.9A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.
Affected Applications in Environment
15
libsoup
v2.72.0-10.el9_6.2
22 devices
libsoup
v2.72.0-10.el9_6.2
1 device
libsoup
v2.72.0-12.el9_7.5
2 devices
libsoup
v2.62.3-7.el8_10
1 device
libsoup
v2.72.0-12.el9_7.3
1 device
libsoup
v2.62.3-3.el8
2 devices
libsoup
v2.72.0-12.el9_7.1
3 devices
libsoup
v2.62.3-7.el8_10
1 device
libsoup
v2.62.3-10.el8_10
1 device
libsoup
v2.62.3-10.el8_10
1 device
libsoup
v2.72.0-10.el9_6.3
1 device
libsoup
v2.62.2-2.el7
1 device
libsoup
v2.62.3-13.el8_10
1 device
libsoup
v2.62.3-11.el8_10
1 device
libsoup
v2.72.0-12.el9_7.5
1 device
Affected Devices
40
chela03
Linux
chela04
Linux
chela05
Linux
devjobsub.banner.usu.edu
Linux
dpapsb-161390.aggies.usu.edu
Linux
dpapsb-191594.mypc.usu.edu
Linux
el103-02.ece.usu.edu
Linux
el103-03.ece.usu.edu
Linux
el103-04.ece.usu.edu
Linux
el103-05.ece.usu.edu
Linux
el103-07.ece.usu.edu
Linux
el103-08.ece.usu.edu
Linux
el103-09.ece.usu.edu
Linux
el103-10.ece.usu.edu
Linux
el103-14.ece.usu.edu
Linux
el103-15.ece.usu.edu
Linux
el103-16.ece.usu.edu
Linux
el103-17.ece.usu.edu
Linux
el103-18.ece.usu.edu
Linux
el103-19.ece.usu.edu
Linux
el103-20.ece.usu.edu
Linux
el120-01.ece.usu.edu
Linux
el120-02.ece.usu.edu
Linux
el120-03.ece.usu.edu
Linux
el120-04.ece.usu.edu
Linux
el120-05.ece.usu.edu
Linux
el120-06.ece.usu.edu
Linux
el120-08.ece.usu.edu
Linux
el120-09.ece.usu.edu
Linux
el120-10.ece.usu.edu
Linux
el120-11.ece.usu.edu
Linux
el120-12.ece.usu.edu
Linux
el120-14.ece.usu.edu
Linux
eprocdev.banner.usu.edu
Linux
facreadyprod.pplant.usu.edu
Linux
facreadytestrhel.pplant.usu.edu
Linux
facshibsp2.pplant.usu.edu
Linux
guru.cluster
Linux
oms.db.usu.edu
Linux
paymentworksdev.banner.usu.edu
Linux