CVE-2026-5119

MEDIUM

libsoup security update

Details

CVSS v3: 5.9
NVD published: 2026-03-30 07:15:58
EPSS: <0.1% probability · 0.9th percentile — 2026-05-06
Affected versions: cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
Summary: A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Remediation: Not available in our cache.
Exploit info: https://gitlab.gnome.org/GNOME/libsoup/-/issues/502

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.