libsoup contains an HTTP request smuggling vulnerability in its chunked transfer encoding parser. The library accepts lone LF (\n) characters instead of requiring CRLF (\r\n) as mandated by RFC 9112, enabling request smuggling attacks when deployed behind RFC-compliant proxies.

Reference: https://gitlab.gnome.org/GNOME/libsoup/-/issues/481