Vulnerability in libsoup Affects Network Security
CVE-2026-5119

5.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 30 March 2026

🔔 Create Red Hat Vulnerability Alert

What is CVE-2026-5119?

A vulnerability exists in libsoup that compromises the security of sensitive session cookies. During the process of establishing HTTPS tunnels via a configured HTTP proxy, these cookies are transmitted in cleartext within the initial HTTP CONNECT request. This flaw allows a network attacker or a malicious proxy to intercept sensitive data, raising concerns about potential session hijacking and user impersonation.

Affected Version(s)

Red Hat Enterprise Linux 10 0:3.6.5-3.el10_1.11

Red Hat Enterprise Linux 10 0:3.6.5-3.el10_2.11

Red Hat Enterprise Linux 10.0 Extended Update Support 0:3.6.5-3.el10_0.15

References

https://access.redhat.com/errata/RHSA-2026:13978

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2026:14087

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2026:15968

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2026
Vulnerability Reserved
Mar 30, 2026

Credit

Red Hat would like to thank Kona Arctic for reporting this issue.

CVE-2026-5119 Data

.