Unrated severity · NVD Advisory · Published Mar 12, 2026 · Updated May 1, 2026
Libsoup: libsoup: authentication bypass via digest authentication replay attack
CVE-2026-3099
Description
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
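The two checks the description says are missing, as an added example (not libsoup code and not the project's fix): the server remembers each nonce it issued and accepts a request only when its nc is higher than the last one accepted for that nonce. The function names, table size and sample nonce are assumptions made for illustration, and the sketch leaves out nonce expiry.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NONCES 64   /* constructed limits for this example */
#define NONCE_LEN  64

typedef enum { NC_OK, NC_UNKNOWN_NONCE, NC_BAD_FORMAT, NC_REPLAY } nc_result;

/* One slot per nonce the server handed out in a 401 challenge. */
static struct { char nonce[NONCE_LEN + 1]; uint32_t last_nc; int in_use; } table[MAX_NONCES];

/* Call when sending the challenge. Returns 0, or -1 if it cannot be stored. */
int nonce_issue(const char *nonce) {
    if (strlen(nonce) > NONCE_LEN) return -1;
    for (int i = 0; i < MAX_NONCES; i++) {
        if (table[i].in_use) continue;
        strcpy(table[i].nonce, nonce);
        table[i].last_nc = 0;
        table[i].in_use = 1;
        return 0;
    }
    return -1;
}

/* Call only after the digest response hash has verified, so that an
 * unauthenticated client cannot advance another user's counter. */
nc_result nonce_check(const char *nonce, const char *nc_hex) {
    for (int i = 0; i < 8; i++)                 /* nc is exactly 8 hex digits */
        if (!isxdigit((unsigned char)nc_hex[i])) return NC_BAD_FORMAT;
    if (nc_hex[8] != '\0') return NC_BAD_FORMAT;
    unsigned long nc = strtoul(nc_hex, NULL, 16);
    if (nc == 0) return NC_BAD_FORMAT;          /* counting starts at 1 */
    for (int i = 0; i < MAX_NONCES; i++) {
        if (!table[i].in_use || strcmp(table[i].nonce, nonce) != 0) continue;
        if (nc <= table[i].last_nc) return NC_REPLAY;   /* reused or stale nc */
        table[i].last_nc = (uint32_t)nc;
        return NC_OK;
    }
    return NC_UNKNOWN_NONCE;                    /* server never issued it */
}

int main(void) {
    nonce_issue("constructed-nonce-1");          /* constructed sample value */
    nonce_check("constructed-nonce-1", "00000001");
    /* the same captured header sent again must be refused */
    return nonce_check("constructed-nonce-1", "00000001") == NC_REPLAY ? 0 : 1;
}
```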
Affected products
- cpe:/o:redhat:enterprise_linux:10
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
References
- access.redhat.com/security/cve/CVE-2026-3099 (mitre: vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre: issue-tracking, x_refsource_REDHAT)
- gitlab.gnome.org/GNOME/libsoup/-/issues/495 (mitre)