CVE-2026-5119

MEDIUM, CVSS 3.1: 5.9, EPSS: 0.01%
Updated Mar 30, 2026
Red Hat

Parameter    Value
CVSS         5.9 (MEDIUM)
Type         CWE-319 (Cleartext Transmission)
Vendor       Red Hat
Public PoC   No

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
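
A detection check for the behaviour described above, as an added example that is not libsoup or Red Hat code: it parses cleartext requests seen on the proxy side and reports any CONNECT request that carries a Cookie header, returning cookie names only. The sample requests, the hostname `app.example.test` and the function names are constructed for illustration.

```python
# Added example: audit cleartext proxy-bound requests for cookies in CONNECT.
# Sample requests are constructed for illustration, not captured traffic.

def cookies_in_connect(raw: bytes):
    """Return (target, [cookie names]) if raw is a CONNECT request that
    carries Cookie headers, otherwise None. Cookie values are not returned."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None  # only the tunnel-setup request is of interest
    names = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; there may be several Cookie lines.
        if not sep or name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key = pair.split("=", 1)[0].strip()
            if key:
                names.append(key)
    return (parts[1], names) if names else None

SAMPLE_LEAK = (b"CONNECT app.example.test:443 HTTP/1.1\r\n"
               b"Host: app.example.test:443\r\n"
               b"Cookie: session=REDACTED; theme=dark\r\n\r\n")
# Proxy-Authorization is addressed to the proxy itself, so it is not a finding.
SAMPLE_CLEAN = (b"CONNECT app.example.test:443 HTTP/1.1\r\n"
                b"Host: app.example.test:443\r\n"
                b"Proxy-Authorization: Basic REDACTED\r\n\r\n")
# A plain-HTTP GET is outside the scope of this check (not a tunnel setup).
SAMPLE_GET = (b"GET http://app.example.test/ HTTP/1.1\r\n"
              b"Host: app.example.test\r\nCookie: a=1\r\n\r\n")

def audit(requests):
    """Return the findings for every request that leaks cookies in CONNECT."""
    findings = []
    for raw in requests:
        hit = cookies_in_connect(raw)
        if hit:
            findings.append(hit)
    return findings

if __name__ == "__main__":
    for target, names in audit([SAMPLE_LEAK, SAMPLE_CLEAN, SAMPLE_GET]):
        print(f"CONNECT to {target} carries cookies: {', '.join(names)}")
```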

Attack Parameters

Attack Vector: Network (can be exploited remotely)
Attack Complexity: High (difficult to exploit)
Privileges Required: None (no privileges needed)
User Interaction: Required (user action required)

Impact Assessment

Confidentiality: High (complete data leak)
Integrity: Low (partial data modification)
Availability: None (no disruption)

CVSS Vector v3.1

Vulnerable Products

red hat:red hat enterprise linux 9
red hat:red hat enterprise linux 6
red hat:red hat enterprise linux 8
red hat:red hat enterprise linux 10
red hat:red hat enterprise linux 7