AZL-77618

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77618.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-77618

Upstream

CVE-2026-1760

Published

2026-02-02T14:16:34Z

Modified

2026-04-21T04:34:18.960356Z

Summary

CVE-2026-1760 affecting package libsoup 3.0.4-12

Details

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-1760

Affected packages

Azure Linux:2 / libsoup

Package

Name: libsoup
Purl: pkg:rpm/azure-linux/libsoup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.0.4-12

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77618.json"