VYPR
Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Mar 25, 2026

Libsoup: libsoup: credential leakage via http redirects

CVE-2026-1539

Description

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

40

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.