CVE-2026-6324 · EXPLOITED · CVSS 4.8
the gnome project · libsoup

Libsoup: libsoup: http request smuggling via unsigned to signed conversion error

Description

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a non-libsoup backend server. Successful exploitation can allow an attacker to bypass security controls, poison web caches, or gain unauthorized access.

Affected Products

Vendor | Product | Versions
the gnome project | libsoup | —

References

  • https://access.redhat.com/security/cve/CVE-2026-6324 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2458479 (issue-tracking, x_refsource_REDHAT)
  • https://gitlab.gnome.org/GNOME/libsoup/-/issues/508

Related News (3 articles)

Tier A · Microsoft MSRC · 29d ago
CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
→ No new info (linked only)

Tier B · BSI Advisories · 30d ago
[UPDATE] [medium] Red Hat Enterprise Linux: Multiple vulnerabilities allow unspecified attack
→ No new info (linked only)

Tier C · VulDB · 33d ago
CVE-2026-6324 | GNOME libsoup non-libsoup Backend soup_body_input_stream_read_chunked request smuggling (ID 508)
→ No new info (linked only)

CVSS 3.1: 4.8 NONE
CISA KEV: ❌ No
Actively exploited: ✅ Yes
CWE: CWE-444
Published: May 29, 2026
Last enriched: 33d ago (v2)
Tags: multiple vulnerabilities, authenticated remote attack
Trending Score: 1
Source articles: 3
Independent: 3
Info Completeness: 7/14
Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • CRITICAL · CVE-2026-58011 · EXP
    Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
    Trending: 78
  • CRITICAL · CVE-2026-58012 · EXP
    Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
    Trending: 70
  • HIGH · CVE-2026-58016 · EXP
    Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
    Trending: 67
  • CRITICAL · CVE-2026-58015 · EXP
    Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
    Trending: 60
  • NONE · CVE-2018-25305 · EXP
    librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: May 29, 2026
  • Discovered by ZDM: May 29, 2026
  • Updated: description, severity, activelyExploited: May 29, 2026
  • Actively Exploited: May 29, 2026

Version History

v2 · Last enriched 33d ago

v2 · Tier C · 33d ago

Updated vendor to GNOME, product to libsoup, severity to CRITICAL, and marked the vulnerability as actively exploited.

description, severity, activelyExploited
via VulDB

v1 · 33d ago

Initial creation