VulnerableCode Package Details - pkg:deb/debian/libsoup3@3.6.5-8?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1vz1-x5py-dkg5	A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.	CVE-2026-1539
VCID-3zqd-pcvp-a7ed	libsoup: SoupServer: Denial of Service via HTTP request smuggling	CVE-2026-1760
VCID-cjwc-3fs8-17ef	libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers	CVE-2026-1801
VCID-ka6q-xta6-ukdp	libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response	CVE-2026-1761
VCID-nu2x-tpra-4few	libsoup: libsoup: HTTP header injection or response splitting via CRLF injection in Content-Disposition header	CVE-2026-1536
VCID-sccj-juvj-5ud5	libsoup: libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured	CVE-2026-1467

Vulnerability

Summary

Aliases

VCID-1vz1-x5py-dkg5

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

CVE-2026-1539

VCID-3zqd-pcvp-a7ed

libsoup: SoupServer: Denial of Service via HTTP request smuggling

CVE-2026-1760

VCID-cjwc-3fs8-17ef

libsoup: libsoup: HTTP Request Smuggling via malformed chunk headers

CVE-2026-1801

VCID-ka6q-xta6-ukdp

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

CVE-2026-1761

VCID-nu2x-tpra-4few

libsoup: libsoup: HTTP header injection or response splitting via CRLF injection in Content-Disposition header

CVE-2026-1536

VCID-sccj-juvj-5ud5

libsoup: libsoup: HTTP header injection via specially crafted URLs when an HTTP proxy is configured

CVE-2026-1467

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T07:29:40.051962+00:00	Debian Importer	Fixing	VCID-cjwc-3fs8-17ef	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:40.015084+00:00	Debian Importer	Fixing	VCID-ka6q-xta6-ukdp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:39.975906+00:00	Debian Importer	Fixing	VCID-3zqd-pcvp-a7ed	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:39.936868+00:00	Debian Importer	Fixing	VCID-1vz1-x5py-dkg5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:39.898312+00:00	Debian Importer	Fixing	VCID-nu2x-tpra-4few	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:29:39.858811+00:00	Debian Importer	Fixing	VCID-sccj-juvj-5ud5	https://security-tracker.debian.org/tracker/data/json	38.1.0