Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache Libsoup: Malicious Web Requests and Leaked Credentials

SUSE-SU-2026:0833-1
Summary

The Apache Libsoup library is used by some websites and applications to handle HTTP requests and redirects. If not updated, it could allow hackers to make unintended requests or steal login credentials. Update to the latest version to fix these issues and protect your users.

What to do
  • Update libsoup to version 3.0.4-150400.3.37.1.
Affected software
VendorProductAffected versionsFix available
libsoup <= 3.0.4-150400.3.37.1 3.0.4-150400.3.37.1
libsoup <= 3.0.4-150400.3.37.1 3.0.4-150400.3.37.1
libsoup <= 3.0.4-150400.3.37.1 3.0.4-150400.3.37.1
libsoup <= 3.0.4-150400.3.37.1 3.0.4-150400.3.37.1
libsoup <= 3.0.4-150400.3.37.1 3.0.4-150400.3.37.1
libsoup <= 3.0.4-150400.3.37.1 3.0.4-150400.3.37.1
libsoup <= 3.0.4-150400.3.37.1 3.0.4-150400.3.37.1
libsoup <= 3.0.4-150400.3.37.1 3.0.4-150400.3.37.1
Original title
Security update for libsoup
Original description
This update for libsoup fixes the following issues:

- CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).
- CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects
(bsc#1257441).
- CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request
smuggling and potential DoS (bsc#1257597).
Published: 5 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026