CVE-2026-6324NVD

Vulnerability Summary

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a non-libsoup backend server. Successful exploitation can allow an attacker to bypass security controls, poison web caches, or gain unauthorized access.

Severity Level

MEDIUM(4.8)

Published Date

May 29, 2026

Last Modified

May 29, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-444: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://access.redhat.com/security/cve/CVE-2026-6324
https://bugzilla.redhat.com/show_bug.cgi?id=2458479
https://gitlab.gnome.org/GNOME/libsoup/-/issues/508
https://gitlab.gnome.org/GNOME/libsoup/-/work_items/508