Medium severity5.9NVD Advisory· Published Mar 30, 2026· Updated Jun 9, 2026
CVE-2026-5119
CVE-2026-5119
Description
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
- (no CPE)
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords5 versionspkg:rpm/almalinux/libsouppkg:rpm/almalinux/libsoup3pkg:rpm/almalinux/libsoup3-develpkg:rpm/almalinux/libsoup3-docpkg:rpm/almalinux/libsoup-devel
< 2.72.0-12.el9_7.6+ 4 more
- (no CPE)range: < 2.72.0-12.el9_7.6
- (no CPE)range: < 3.6.5-3.el10_2.11
- (no CPE)range: < 3.6.5-3.el10_2.11
- (no CPE)range: < 3.6.5-3.el10_1.11
- (no CPE)range: < 2.72.0-12.el9_7.6
Patches
Vulnerability mechanics
References
17- gitlab.gnome.org/GNOME/libsoup/-/issues/502nvdExploitIssue Tracking
- access.redhat.com/security/cve/CVE-2026-5119nvdMitigationVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
- access.redhat.com/errata/RHSA-2026:13978nvd
- access.redhat.com/errata/RHSA-2026:14087nvd
- access.redhat.com/errata/RHSA-2026:15968nvd
- access.redhat.com/errata/RHSA-2026:17482nvd
- access.redhat.com/errata/RHSA-2026:19143nvd
- access.redhat.com/errata/RHSA-2026:19356nvd
- access.redhat.com/errata/RHSA-2026:21686nvd
- access.redhat.com/errata/RHSA-2026:22316nvd
- access.redhat.com/errata/RHSA-2026:22317nvd
- access.redhat.com/errata/RHSA-2026:22323nvd
- access.redhat.com/errata/RHSA-2026:22710nvd
- access.redhat.com/errata/RHSA-2026:22716nvd
- access.redhat.com/errata/RHSA-2026:24344nvd
- access.redhat.com/errata/RHSA-2026:24722nvd
News mentions
0No linked articles in our index yet.