CVE-2026-5119

Severity: medium
Published 2026-05-06 · Modified 2026-05-26
CVSS v3: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)
CVSS v4: not yet in upstream
VIR risk: 5.9

Description

Moderate: libsoup security update

Predictions

Exploit likelihood: 69%
Patch ETA: —

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata, Red Hat Inc. · Open-Errata-API

Description

libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

Red Hat statement

Moderate impact. This flaw in libsoup allows sensitive session cookies to be transmitted in cleartext within the initial HTTP CONNECT request when establishing HTTPS tunnels through a configured HTTP proxy. A network-positioned attacker or a malicious HTTP proxy could intercept these cookies, potentially leading to session hijacking or user impersonation. This affects Red Hat Enterprise Linux systems configured to use an HTTP proxy for HTTPS connections.

CVSS v3: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)

Errata / fixed releases

| Product | Package | Advisory | Released |
| --- | --- | --- | --- |
| Red Hat Enterprise Linux 10 | libsoup3-0:3.6.5-3.el10_1.11 | RHSA-2026:15968 | 2026-05-11T00:00:00Z |
| Red Hat Enterprise Linux 10 | libsoup3-0:3.6.5-3.el10_2.11 | RHSA-2026:19143 | 2026-05-19T00:00:00Z |
| Red Hat Enterprise Linux 10.0 Extended Update Support | libsoup3-0:3.6.5-3.el10_0.15 | RHSA-2026:17482 | 2026-05-14T00:00:00Z |
| Red Hat Enterprise Linux 8 | libsoup-0:2.62.3-14.el8_10 | RHSA-2026:14087 | 2026-05-06T00:00:00Z |
| Red Hat Enterprise Linux 9 | libsoup-0:2.72.0-12.el9_7.6 | RHSA-2026:13978 | 2026-05-06T00:00:00Z |
| Red Hat Enterprise Linux 9 | libsoup-0:2.72.0-16.el9_8.1 | RHSA-2026:19356 | 2026-05-19T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | libsoup-0:2.72.0-8.el9_0.10 | RHSA-2026:21686 | 2026-05-28T00:00:00Z |

Package state

| Product | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 | libsoup | Out of support scope |
| Red Hat Enterprise Linux 7 | libsoup | Affected |

Apply commands

Apply RHSA-2026:15968 for Red Hat Enterprise Linux 10:

```bash
yum update -y libsoup3
# or:
dnf upgrade -y libsoup3
```

Affected

| Vendor | Product | Version |
| --- | --- | --- |
| redhat | Red Hat Enterprise Linux 7 | Affected |

OS impact

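| OS | Version | Status | Fixed in |
| --- | --- | --- | --- |
| redhat rhel | 9 | fixed | |
| debian debian | forky | affected | |
| debian debian | sid | affected | |
| debian debian | bookworm | affected | |
| debian debian | bullseye | affected | |
| debian debian | trixie | affected | |
| suse sles | | affected | |
| rockylinux rocky | 9 | fixed | |
| redhat rhel | 7.0 | affected | |
| redhat rhel | 8.0 | affected | |
| redhat rhel | 9.0 | affected | |
| redhat rhel | 10.0 | affected | |
| almalinux almalinux | 9 | fixed | libsoup-devel-2.72.0-16.el9_8.1.aarch64.rpm |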

Application impact

| Vendor | Product | Versions | Fixed |
| --- | --- | --- | --- |
| gnome | libsoup | - | |

References

CWEs

CWE-319
