CVE-2026-5119 MEDIUM

CVE-2026-5119: Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-319 · Cleartext transmission
Published March 30, 2026
Last update June 9, 2026

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

Key dates

02Disclosure timeline

March 30, 2026 CVE published
June 9, 2026 Record updated