Home > Vulnerability Database > CVE-2026-1536

Mend.io Vulnerability Database

CVE-2026-1536

Good to know:

Date: January 28, 2026

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction.

Severity Score

5.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-1536

Url: https://access.redhat.com/security/cve/CVE-2026-1536

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2433834

Url: https://www.mend.io/vulnerability-database/CVE-2026-1536

Severity Score

5.8

Weakness Type (CWE)

Improper Neutralization of CRLF Sequences ('CRLF Injection')

CWE-93

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-1536

Good to know:

Date: January 28, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?