CVE-2026-5119

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-5119
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/security/cve/CVE-2026-5119 Vendor Advisory Mitigation
https://bugzilla.redhat.com/show_bug.cgi?id=2452932 Issue Tracking Vendor Advisory
https://gitlab.gnome.org/GNOME/libsoup/-/issues/502 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
History

01 Apr 2026, 17:45

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en libsoup. Al establecer túneles HTTPS a través de un proxy HTTP configurado, las cookies de sesión sensibles se transmiten en texto claro dentro de la solicitud HTTP CONNECT inicial. Un atacante posicionado en la red o un proxy HTTP malicioso puede interceptar estas cookies, lo que podría conducir al secuestro potencial de la sesión o a la suplantación de identidad del usuario.
CPE cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
First Time Redhat
Gnome
Gnome libsoup
Redhat enterprise Linux
References () https://access.redhat.com/security/cve/CVE-2026-5119 - () https://access.redhat.com/security/cve/CVE-2026-5119 - Vendor Advisory, Mitigation
References () https://bugzilla.redhat.com/show_bug.cgi?id=2452932 - () https://bugzilla.redhat.com/show_bug.cgi?id=2452932 - Issue Tracking, Vendor Advisory
References () https://gitlab.gnome.org/GNOME/libsoup/-/issues/502 - () https://gitlab.gnome.org/GNOME/libsoup/-/issues/502 - Exploit, Issue Tracking

30 Mar 2026, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-30 07:15

Updated : 2026-04-01 17:45

NVD link : CVE-2026-5119

Mitre link : CVE-2026-5119

CVE.ORG link : CVE-2026-5119

JSON object : View

Products Affected

redhat

  • enterprise_linux

gnome

  • libsoup
CWE
CWE-319

Cleartext Transmission of Sensitive Information