UBUNTU-CVE-2026-3632
- Source
- https://ubuntu.com/security/CVE-2026-3632
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-3632.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-3632
- Upstream
- Published
- 2026-03-17T10:16:00Z
- Modified
- 2026-05-20T16:25:38.087556332Z
- Severity
-
- 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.
- References
Affected packages
Ubuntu:22.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.72.0-3ubuntu3
2.74.1-1
2.74.2-2
2.74.2-3
2.74.2-3ubuntu0.1
2.74.2-3ubuntu0.2
2.74.2-3ubuntu0.3
2.74.2-3ubuntu0.4
2.74.2-3ubuntu0.5
2.74.2-3ubuntu0.6
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.2-3ubuntu0.6"
}
]
}Ubuntu:24.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.74.3-1
2.74.3-2
2.74.3-3
2.74.3-6
2.74.3-6build1
2.74.3-6ubuntu1
2.74.3-6ubuntu1.1
2.74.3-6ubuntu1.2
2.74.3-6ubuntu1.3
2.74.3-6ubuntu1.4
2.74.3-6ubuntu1.5
2.74.3-6ubuntu1.6
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-6ubuntu1.6"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.4.2-4
3.4.4-1
3.4.4-2
3.4.4-4
3.4.4-5
3.4.4-5build1
3.4.4-5build2
3.4.4-5ubuntu0.1
3.4.4-5ubuntu0.2
3.4.4-5ubuntu0.3
3.4.4-5ubuntu0.4
3.4.4-5ubuntu0.5
3.4.4-5ubuntu0.6
3.4.4-5ubuntu0.7
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.4.4-5ubuntu0.7"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.4.4-5ubuntu0.7"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.4.4-5ubuntu0.7"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.4.4-5ubuntu0.7"
}
]
}Ubuntu:25.10
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.74.3-10
2.74.3-10.1
2.74.3-10.1ubuntu1
2.74.3-10.1ubuntu2
2.74.3-10.1ubuntu3
2.74.3-10.1ubuntu4
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-10.1ubuntu4"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.6.5-4ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.6.5-4ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.6.5-4ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.6.5-4ubuntu0.2"
}
]
}Ubuntu:26.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-10.1ubuntu5"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.6.6-1"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.6.6-1"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.6.6-1"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.6.6-1"
}
]
}Ubuntu:Pro:16.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.50.0-2debian1
2.52.1-1
2.52.2-1
2.52.2-1ubuntu0.1
2.52.2-1ubuntu0.2
2.52.2-1ubuntu0.3
2.52.2-1ubuntu0.3+esm1
2.52.2-1ubuntu0.3+esm2
2.52.2-1ubuntu0.3+esm3
2.52.2-1ubuntu0.3+esm4
2.52.2-1ubuntu0.3+esm5
Ubuntu:Pro:18.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.60.1-1
2.60.2-1
2.60.2-2
2.60.3-1
2.61.90-1
2.62.0-1
2.62.1-1
2.62.1-1ubuntu0.1
2.62.1-1ubuntu0.3
2.62.1-1ubuntu0.4
2.62.1-1ubuntu0.4+esm1
2.62.1-1ubuntu0.4+esm2
2.62.1-1ubuntu0.4+esm3
2.62.1-1ubuntu0.4+esm4
2.62.1-1ubuntu0.4+esm5
2.62.1-1ubuntu0.4+esm6
Ubuntu:Pro:20.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.68.2-0ubuntu1
2.68.2-1
2.68.2-2
2.68.2-2build2
2.69.90-1
2.70.0-1
2.70.0-1ubuntu0.1
2.70.0-1ubuntu0.2
2.70.0-1ubuntu0.3
2.70.0-1ubuntu0.4
2.70.0-1ubuntu0.5
2.70.0-1ubuntu0.5+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
}
]
}Ubuntu:Pro:22.04:LTS
libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.4-2
3.0.4-3
3.0.5-1
3.0.7-0ubuntu1
3.0.7-0ubuntu1+esm1
3.0.7-0ubuntu1+esm2
3.0.7-0ubuntu1+esm3
3.0.7-0ubuntu1+esm4
3.0.7-0ubuntu1+esm5
3.0.7-0ubuntu1+esm6
3.0.7-0ubuntu1+esm7
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.0.7-0ubuntu1+esm7"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.0.7-0ubuntu1+esm7"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.0.7-0ubuntu1+esm7"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.0.7-0ubuntu1+esm7"
}
]
}