CVE-2026-5119 in GNOME libsoup
요약 (영어)
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
책임이 있는
redhat
예약하다
2026. 03. 30.
공개
2026. 03. 30.
엔트리
| 아이디 | 취약성 | CWE | 기본 | 임시 | 0day | 오늘 | 악용 | KEV | EPSS | CTI | 대책 | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354152 | GNOME libsoup HTTP Proxy 약한 암호화 | 319 | 4.5 | 4.5 | $0-$5k | $0-$5k | 정의되지 않음 | 0.00000 | 3.83+ | 정의되지 않음 | CVE-2026-5119 |