8.2
CVE-2026-5119
- EPSS 0.25%
- Veröffentlicht 30.03.2026 05:35:57
- Zuletzt bearbeitet 09.06.2026 10:16:44
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.165 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
| secalert@redhat.com | 5.9 | 1.6 | 4.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
https://access.redhat.com/security/cve/CVE-2026-5119
https://bugzilla.redhat.com/show_bug.cgi?id=2452932
https://gitlab.gnome.org/GNOME/libsoup/-/issues/502
https://access.redhat.com/errata/RHSA-2026:13978
https://access.redhat.com/errata/RHSA-2026:14087
https://access.redhat.com/errata/RHSA-2026:15968
https://access.redhat.com/errata/RHSA-2026:17482
https://access.redhat.com/errata/RHSA-2026:19143
https://access.redhat.com/errata/RHSA-2026:19356
https://access.redhat.com/errata/RHSA-2026:21686
https://access.redhat.com/errata/RHSA-2026:22316
https://access.redhat.com/errata/RHSA-2026:22323
https://access.redhat.com/errata/RHSA-2026:22317
https://access.redhat.com/errata/RHSA-2026:22710
https://access.redhat.com/errata/RHSA-2026:22716
https://access.redhat.com/errata/RHSA-2026:24344
https://access.redhat.com/errata/RHSA-2026:24722