UBUNTU-CVE-2026-3633
- Source
- https://ubuntu.com/security/CVE-2026-3633
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-3633.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-3633
- Upstream
- Published
- 2026-03-17T10:16:00Z
- Modified
- 2026-05-20T16:25:37.545026448Z
- Severity
-
- 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the
soup_message_new()function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection. - References
Affected packages
Ubuntu:22.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.72.0-3ubuntu3
2.74.1-1
2.74.2-2
2.74.2-3
2.74.2-3ubuntu0.1
2.74.2-3ubuntu0.2
2.74.2-3ubuntu0.3
2.74.2-3ubuntu0.4
2.74.2-3ubuntu0.5
2.74.2-3ubuntu0.6
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "libsoup-gnome2.4-1"
},
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "libsoup2.4-1"
},
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.2-3ubuntu0.6",
"binary_name": "libsoup2.4-tests"
}
]
}Ubuntu:24.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.74.3-1
2.74.3-2
2.74.3-3
2.74.3-6
2.74.3-6build1
2.74.3-6ubuntu1
2.74.3-6ubuntu1.1
2.74.3-6ubuntu1.2
2.74.3-6ubuntu1.3
2.74.3-6ubuntu1.4
2.74.3-6ubuntu1.5
2.74.3-6ubuntu1.6
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "libsoup-2.4-1"
},
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "libsoup-gnome-2.4-1"
},
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.3-6ubuntu1.6",
"binary_name": "libsoup2.4-tests"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.4.2-4
3.4.4-1
3.4.4-2
3.4.4-4
3.4.4-5
3.4.4-5build1
3.4.4-5build2
3.4.4-5ubuntu0.1
3.4.4-5ubuntu0.2
3.4.4-5ubuntu0.3
3.4.4-5ubuntu0.4
3.4.4-5ubuntu0.5
3.4.4-5ubuntu0.6
3.4.4-5ubuntu0.7
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.4.4-5ubuntu0.7",
"binary_name": "libsoup-3.0-tests"
}
]
}Ubuntu:25.10
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.74.3-10
2.74.3-10.1
2.74.3-10.1ubuntu1
2.74.3-10.1ubuntu2
2.74.3-10.1ubuntu3
2.74.3-10.1ubuntu4
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup-gnome-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.3-10.1ubuntu4",
"binary_name": "libsoup2.4-tests"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.6.5-4ubuntu0.2",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.6.5-4ubuntu0.2",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.6.5-4ubuntu0.2",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.6.5-4ubuntu0.2",
"binary_name": "libsoup-3.0-tests"
}
]
}Ubuntu:26.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.74.3-10.1ubuntu5",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.74.3-10.1ubuntu5",
"binary_name": "libsoup-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu5",
"binary_name": "libsoup-gnome-2.4-1"
},
{
"binary_version": "2.74.3-10.1ubuntu5",
"binary_name": "libsoup2.4-common"
},
{
"binary_version": "2.74.3-10.1ubuntu5",
"binary_name": "libsoup2.4-tests"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.6.6-1",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.6.6-1",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.6.6-1",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.6.6-1",
"binary_name": "libsoup-3.0-tests"
}
]
}Ubuntu:Pro:16.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.50.0-2debian1
2.52.1-1
2.52.2-1
2.52.2-1ubuntu0.1
2.52.2-1ubuntu0.2
2.52.2-1ubuntu0.3
2.52.2-1ubuntu0.3+esm1
2.52.2-1ubuntu0.3+esm2
2.52.2-1ubuntu0.3+esm3
2.52.2-1ubuntu0.3+esm4
2.52.2-1ubuntu0.3+esm5
Ubuntu:Pro:18.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.60.1-1
2.60.2-1
2.60.2-2
2.60.3-1
2.61.90-1
2.62.0-1
2.62.1-1
2.62.1-1ubuntu0.1
2.62.1-1ubuntu0.3
2.62.1-1ubuntu0.4
2.62.1-1ubuntu0.4+esm1
2.62.1-1ubuntu0.4+esm2
2.62.1-1ubuntu0.4+esm3
2.62.1-1ubuntu0.4+esm4
2.62.1-1ubuntu0.4+esm5
2.62.1-1ubuntu0.4+esm6
Ubuntu:Pro:20.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.68.2-0ubuntu1
2.68.2-1
2.68.2-2
2.68.2-2build2
2.69.90-1
2.70.0-1
2.70.0-1ubuntu0.1
2.70.0-1ubuntu0.2
2.70.0-1ubuntu0.3
2.70.0-1ubuntu0.4
2.70.0-1ubuntu0.5
2.70.0-1ubuntu0.5+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.70.0-1ubuntu0.5+esm1",
"binary_name": "gir1.2-soup-2.4"
},
{
"binary_version": "2.70.0-1ubuntu0.5+esm1",
"binary_name": "libsoup-gnome2.4-1"
},
{
"binary_version": "2.70.0-1ubuntu0.5+esm1",
"binary_name": "libsoup2.4-1"
},
{
"binary_version": "2.70.0-1ubuntu0.5+esm1",
"binary_name": "libsoup2.4-tests"
}
]
}Ubuntu:Pro:22.04:LTS
libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.4-2
3.0.4-3
3.0.5-1
3.0.7-0ubuntu1
3.0.7-0ubuntu1+esm1
3.0.7-0ubuntu1+esm2
3.0.7-0ubuntu1+esm3
3.0.7-0ubuntu1+esm4
3.0.7-0ubuntu1+esm5
3.0.7-0ubuntu1+esm6
3.0.7-0ubuntu1+esm7
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "gir1.2-soup-3.0"
},
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "libsoup-3.0-0"
},
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "libsoup-3.0-common"
},
{
"binary_version": "3.0.7-0ubuntu1+esm7",
"binary_name": "libsoup-3.0-tests"
}
]
}