3 matches found
CLSA-2026-1776763910 libsoup: Fix of 2 CVEs
CVE-2026-1467: validate URI host characters when checking if a URI is valid - CVE-2026-1539: fix proxy credentials leak on cross-origin HTTP redirect...
CLSA-2026-1776763201 libsoup: Fix of 2 CVEs
CVE-2026-1467: validate URI host characters when checking if a URI is valid - CVE-2026-1539: fix proxy credentials leak on cross-origin HTTP redirect...
CVE-2026-34835
Rack exposes a vulnerability in Rack::Request where Host header parsing uses an AUTHORITY regex that accepts characters not allowed by RFC hostnames (e.g., /, ?, #, @). Versions affected: 3.0.0.beta1 through 3.1.20, and 3.2.0 through 3.2.5. This can allow host header poisoning when apps rely on r...