UBUNTU-CVE-2026-1760
- Source
- https://ubuntu.com/security/CVE-2026-1760
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-1760.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-1760
- Upstream
- Published
- 2026-02-02T14:16:00Z
- Modified
- 2026-05-20T16:24:08.965737778Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.
- References
Affected packages
Ubuntu:22.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.72.0-3ubuntu3
2.74.1-1
2.74.2-2
2.74.2-3
2.74.2-3ubuntu0.1
2.74.2-3ubuntu0.2
2.74.2-3ubuntu0.3
2.74.2-3ubuntu0.4
2.74.2-3ubuntu0.5
2.74.2-3ubuntu0.6
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.2-3ubuntu0.6"
}
]
}Ubuntu:24.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.74.3-1
2.74.3-2
2.74.3-3
2.74.3-6
2.74.3-6build1
2.74.3-6ubuntu1
2.74.3-6ubuntu1.1
2.74.3-6ubuntu1.2
2.74.3-6ubuntu1.3
2.74.3-6ubuntu1.4
2.74.3-6ubuntu1.5
2.74.3-6ubuntu1.6
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-6ubuntu1.6"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.4.2-4
3.4.4-1
3.4.4-2
3.4.4-4
3.4.4-5
3.4.4-5build1
3.4.4-5build2
3.4.4-5ubuntu0.1
3.4.4-5ubuntu0.2
3.4.4-5ubuntu0.3
3.4.4-5ubuntu0.4
3.4.4-5ubuntu0.5
3.4.4-5ubuntu0.6
3.4.4-5ubuntu0.7
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.4.4-5ubuntu0.7"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.4.4-5ubuntu0.7"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.4.4-5ubuntu0.7"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.4.4-5ubuntu0.7"
}
]
}Ubuntu:25.10
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.74.3-10
2.74.3-10.1
2.74.3-10.1ubuntu1
2.74.3-10.1ubuntu2
2.74.3-10.1ubuntu3
2.74.3-10.1ubuntu4
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-10.1ubuntu4"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.6.5-4ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.6.5-4ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.6.5-4ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.6.5-4ubuntu0.2"
}
]
}Ubuntu:26.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-10.1ubuntu5"
}
]
}Ubuntu:Pro:16.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.50.0-2debian1
2.52.1-1
2.52.2-1
2.52.2-1ubuntu0.1
2.52.2-1ubuntu0.2
2.52.2-1ubuntu0.3
2.52.2-1ubuntu0.3+esm1
2.52.2-1ubuntu0.3+esm2
2.52.2-1ubuntu0.3+esm3
2.52.2-1ubuntu0.3+esm4
2.52.2-1ubuntu0.3+esm5
Ubuntu:Pro:18.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.60.1-1
2.60.2-1
2.60.2-2
2.60.3-1
2.61.90-1
2.62.0-1
2.62.1-1
2.62.1-1ubuntu0.1
2.62.1-1ubuntu0.3
2.62.1-1ubuntu0.4
2.62.1-1ubuntu0.4+esm1
2.62.1-1ubuntu0.4+esm2
2.62.1-1ubuntu0.4+esm3
2.62.1-1ubuntu0.4+esm4
2.62.1-1ubuntu0.4+esm5
2.62.1-1ubuntu0.4+esm6
Ubuntu:Pro:20.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.68.2-0ubuntu1
2.68.2-1
2.68.2-2
2.68.2-2build2
2.69.90-1
2.70.0-1
2.70.0-1ubuntu0.1
2.70.0-1ubuntu0.2
2.70.0-1ubuntu0.3
2.70.0-1ubuntu0.4
2.70.0-1ubuntu0.5
2.70.0-1ubuntu0.5+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
}
]
}Ubuntu:Pro:22.04:LTS
libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.4-2
3.0.4-3
3.0.5-1
3.0.7-0ubuntu1
3.0.7-0ubuntu1+esm1
3.0.7-0ubuntu1+esm2
3.0.7-0ubuntu1+esm3
3.0.7-0ubuntu1+esm4
3.0.7-0ubuntu1+esm5
3.0.7-0ubuntu1+esm6
3.0.7-0ubuntu1+esm7
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.0.7-0ubuntu1+esm7"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.0.7-0ubuntu1+esm7"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.0.7-0ubuntu1+esm7"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.0.7-0ubuntu1+esm7"
}
]
}