5.8

CVE-2026-1539

EPSS 0.06%
Veröffentlicht 28.01.2026 15:15:48
Zuletzt bearbeitet 25.03.2026 14:08:59
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Libsoup: libsoup: credential leakage via http redirects

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnome ≫ Libsoup Version-

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.181

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
secalert@redhat.com	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

https://access.redhat.com/security/cve/CVE-2026-1539

Third Party Advisory

https://gitlab.gnome.org/GNOME/libsoup/-/issues/489

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-1539

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1539

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1539

EUVD