{}

{}

{}

{"bugzilla": {"description": "libsoup: libsoup: HTTP Request Smuggling via Duplicate Content-Length Headers", "id": "2440743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440743"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-444", "details": ["No description is available for this CVE."], "name": "CVE-2026-2708", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "libsoup3", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "libsoup", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libsoup", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "libsoup", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "libsoup", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-18T20:13:57Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2708\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2708"], "statement": "The practical impact is limited because SoupServer is a testing and development utility, not designed for production internet infrastructure. Exploitation requires a deployment topology where SoupServer is serving real traffic behind (or in front of) another HTTP server acting as a proxy \u2014 a scenario that contradicts its intended use.", "threat_severity": "Low"}