NextGuard
UNKNOWNCVE-2026-5119

Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

Platform

linux

Component

libsoup

View on NVD

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

How to fix

Actualice libsoup a la última versión disponible proporcionada por Red Hat. Esto solucionará la vulnerabilidad que permite la transmisión de cookies en texto plano durante el establecimiento de túneles HTTPS a través de un proxy HTTP.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-5119 — Vulnerability Details | NextGuard | NextGuard