CVE-2026-5119 in GNOME libsoup
Résumé (Anglaise)
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Responsable
redhat
Réserver
30/03/2026
Divulgation
30/03/2026
Entrées
| ID | Vulnérabilité | CWE | Base | Temp | 0day | Aujourd'hui | Exp | KEV | EPSS | CTI | Con | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354152 | GNOME libsoup HTTP Proxy chiffrement faible | 319 | 4.5 | 4.5 | $0-$5k | $0-$5k | Non défini | 0.00000 | 3.83 | Non défini | CVE-2026-5119 |