Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Mar 25, 2026
Libsoup: libsoup: credential leakage via http redirects
CVE-2026-1539
Description
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
40- osv-coords39 versionspkg:rpm/opensuse/libsoup2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libsoup2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/libsoup2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libsoup&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libsoup&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/libsoup&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libsoup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.2
< 2.74.3-150600.4.30.1+ 38 more
- (no CPE)range: < 2.74.3-150600.4.30.1
- (no CPE)range: < 2.74.3-160000.4.1
- (no CPE)range: < 2.74.3-18.1
- (no CPE)range: < 3.4.4-150600.3.37.1
- (no CPE)range: < 3.6.6-160000.1.1
- (no CPE)range: < 3.6.6-2.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.3-150600.4.30.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.3-150600.4.30.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.2-150400.3.31.1
- (no CPE)range: < 2.74.3-150600.4.30.1
- (no CPE)range: < 3.0.4-150400.3.37.1
- (no CPE)range: < 3.0.4-150400.3.37.1
- (no CPE)range: < 3.0.4-150400.3.37.1
- (no CPE)range: < 3.0.4-150400.3.37.1
- (no CPE)range: < 2.68.4-150200.4.33.1
- (no CPE)range: < 3.4.4-150600.3.37.1
- (no CPE)range: < 2.62.2-5.37.1
- (no CPE)range: < 3.0.4-150400.3.37.1
- (no CPE)range: < 3.0.4-150400.3.37.1
- (no CPE)range: < 3.4.4-150600.3.37.1
- (no CPE)range: < 3.6.6-160000.1.1
- (no CPE)range: < 3.0.4-150400.3.37.1
- (no CPE)range: < 3.0.4-150400.3.37.1
- (no CPE)range: < 3.4.4-150600.3.37.1
- (no CPE)range: < 3.6.6-160000.1.1
- (no CPE)range: < 2.62.2-5.37.1
- (no CPE)range: < 3.4.2-14.1
- (no CPE)range: < 3.4.4-slfo.1.1_7.1
- (no CPE)range: < 3.6.6-160000.1.1
Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2026-1539mitrevdb-entryx_refsource_REDHAT
- gitlab.gnome.org/GNOME/libsoup/-/issues/489mitre
News mentions
0No linked articles in our index yet.